Scan Report
5 /100
greythr
GreytHR integration. Manage data, records, and automate workflows using Membrane CLI.
This is a documentation-only skill (SKILL.md) that describes how to use the Membrane CLI for GreytHR integration. All declared capabilities (shell:WRITE for npm install, network:READ for API access) are necessary and properly documented.
Safe to install
No action needed. The skill is safe to use as it only contains documentation.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:44 - npm install -g @membranehq/cli |
| Network | READ | READ | ✓ Aligned | SKILL.md:68-90 - membrane request/proxy for API calls |
| Filesystem | NONE | NONE | — | No file operations declared or observed |
| Environment | NONE | NONE | — | No env access declared or observed |
| Skill Invoke | NONE | NONE | — | No nested skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | Browser auth mentioned but handled by Membrane CLI externally |
| Database | NONE | NONE | — | No database operations |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://help.greytip.com/en/ SKILL.md:19 File Tree
1 files · 4.4 KB · 128 lines Markdown 1f · 128L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ All CLI usage (npm install, membrane) is explicitly declared in SKILL.md
✓ No credential harvesting or storage - uses Membrane's secure connection management
✓ No base64, eval, or shell injection patterns
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No hidden functionality - all behavior documented
✓ References legitimate third-party tool (Membrane CLI) from npm registry
✓ Authentication handled externally by Membrane (no API keys stored locally)