Scan Report
0 /100
zuplo
Zuplo integration for managing data, records, and workflow automation via Membrane CLI
A minimal, well-documented Zuplo integration skill that uses the Membrane CLI for API gateway management with no hidden functionality or suspicious behavior.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: npm install -g @membranehq/cli |
| Network | READ | READ | ✓ Aligned | SKILL.md: membrane request commands for API calls |
| Filesystem | NONE | NONE | — | No file operations detected |
| Environment | NONE | NONE | — | No environment access detected |
| Skill Invoke | NONE | NONE | — | No skill chaining detected |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | No browser automation detected |
| Database | NONE | NONE | — | No database access detected |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.zuplo.com/docs SKILL.md:19 File Tree
1 files · 4.4 KB · 127 lines Markdown 1f · 127L
└─
SKILL.md
Markdown
Security Positives
✓ No implementation scripts - purely documentation-driven
✓ Credential handling explicitly delegated to Membrane CLI (security best practice)
✓ No hardcoded credentials or API keys in documentation
✓ Best practices documented: prefer pre-built actions over raw API calls
✓ No data exfiltration mechanisms present
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env access)
✓ No base64/encoded payloads or obfuscated code
✓ External URLs are legitimate services (getmembrane.com, zuplo.com)
✓ Follows principle of least privilege by using Membrane's managed auth