Scan Report
0 /100
tutor-lms
Tutor LMS integration via Membrane CLI. Manage courses, students, and automate workflows.
This is a pure documentation-only skill with no executable code. All shell and network capabilities are explicitly declared in SKILL.md for interacting with the Membrane CLI.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in skill |
| Network | WRITE | WRITE | ✓ Aligned | SKILL.md declares 'network access' in compatibility; membrane request CLI comman… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares npm install, membrane login, membrane connect, membrane action… |
| Environment | NONE | NONE | — | No environment variable access described |
| Skill Invoke | NONE | NONE | — | No skill invocation patterns found |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | Browser opens only for OAuth login flow, which is declared |
| Database | NONE | NONE | — | No direct database access |
2 findings
Medium External URL
https://getmembrane.com SKILL.md:7
Medium External URL
https://docs.themeum.com/tutor-lms/ SKILL.md:19
File Tree
1 file · 4.5 KB · 139 lines (Markdown: 1 file, 139 lines)
└─ SKILL.md (Markdown)
Security Positives
✓ No executable code present — this is a documentation-only skill
✓ All shell commands (npm install, membrane CLI) are explicitly declared in SKILL.md
✓ Network access is declared in compatibility metadata
✓ No obfuscation, base64 encoding, or anti-analysis patterns
✓ No credential harvesting — credentials are handled server-side by Membrane
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No dependencies or package files that could introduce supply chain risk
✓ Uses a legitimate third-party CLI (Membrane) for integration rather than raw credential handling
✓ Documentation clearly states to use Membrane for auth lifecycle instead of asking users for API keys