Low risk: risk score 20/100
Last scanned: 18 hours ago
tripetto
Tripetto integration. Manage data, records, and automate workflows.
This is a legitimate Tripetto integration skill documented in SKILL.md with no executable code or malicious behavior detected.
Skill name: tripetto
Analysis time: 28.6s
Engine: pi
OK to install
Skill is safe to use. Consider pinning CLI versions in npm install commands for better supply chain hygiene.

Security findings: 1

Severity | Finding | Location
Low
npm install without version pinning (Supply chain)
The command 'npm install -g @membranehq/cli' does not specify a version, allowing any version to be installed.
npm install -g @membranehq/cli
→ Pin to a specific version: npm install -g @membranehq/cli@<version>
SKILL.md:26
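| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | SKILL.md - requires network access for API integration |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:26-27 - npm install and membrane CLI commands |
| File system | NONE | NONE | | No file operations documented |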
2 findings
Medium: External URL
https://getmembrane.com
SKILL.md:7
Medium: External URL
https://tripetto.app/docs/
SKILL.md:19

Directory structure

1 file · 4.4 KB · 123 lines
Markdown 1f · 123L
└─ 📝 SKILL.md Markdown 123L · 4.4 KB

Security highlights

✓ No executable code present - purely documentation
✓ Credential handling is server-side through Membrane platform
✓ No credential harvesting or exfiltration
✓ No obfuscation or base64-encoded payloads
✓ No sensitive file access (SSH, AWS, .env)
✓ No reverse shell or C2 indicators
✓ Uses documented CLI tool for legitimate integration
✓ Network access properly declared in compatibility section