扫描报告
0 /100
lightspeed-ecom
Lightspeed eCom integration. Manage data, records, and automate workflows.
This is a legitimate Lightspeed eCommerce integration skill that uses the Membrane CLI for API operations. All behavior is accurately documented with no hidden functionality or security concerns.
可以安装
This skill is safe to use. The Membrane CLI approach is a secure pattern that handles credentials server-side without local secrets.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md lines 32-35: npm install, membrane login/run commands |
| 文件系统 | READ | READ | ✓ 一致 | SKILL.md: Documentation content only |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md lines 62-90: membrane request proxies to Lightspeed API |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.lightspeedhq.com/ecom/ SKILL.md:19 目录结构
1 文件 · 4.5 KB · 135 行 Markdown 1f · 135L
└─
SKILL.md
Markdown
安全亮点
✓ All behavior accurately declared in SKILL.md
✓ No credential harvesting - Membrane handles auth server-side
✓ No base64/encoded payloads or obfuscation
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution
✓ No data exfiltration or C2 communication
✓ CLI tool usage is documented and necessary for the integration
✓ Legitimate e-commerce platform APIs (Lightspeed, Membrane) - both are real companies
✓ Browser-based OAuth authentication, no password prompts