扫描报告
5 /100
sendinblue
Sendinblue marketing automation integration using Membrane CLI for email campaigns, SMS, contacts, and automations
This is a legitimate Sendinblue marketing platform integration skill using the Membrane CLI, with well-documented behavior and server-side credential management. No malicious indicators found.
可以安装
Consider pinning the npm package version (e.g., @membranehq/[email protected]) to improve supply chain hygiene, but the skill is safe to use.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned npm package version 供应链 | SKILL.md:23 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:26 - membrane request proxies to Sendinblue API |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:23 - npm install -g @membranehq/cli |
| 文件系统 | NONE | NONE | — | No file operations performed |
| 环境变量 | NONE | NONE | — | Credentials managed server-side by Membrane |
| 凭据 | NONE | NONE | — | SKILL.md:95 - 'Let Membrane handle credentials' |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.sendinblue.com/ SKILL.md:19 目录结构
1 文件 · 4.6 KB · 136 行 Markdown 1f · 136L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest (unpinned) | npm | 否 | Package not version-pinned; recommend specifying a version for reproducibility |
安全亮点
✓ All shell commands are documented in SKILL.md with clear purpose
✓ Credential handling is explicitly server-side via Membrane - no local credential storage
✓ No sensitive file paths (~/.ssh, ~/.aws, .env) are accessed
✓ No obfuscation techniques (base64, eval, etc.) detected
✓ No direct IP network requests or C2 communication patterns
✓ No credential harvesting or environment variable iteration
✓ API requests go through Membrane's documented proxy mechanism
✓ Browser-based OAuth flow for authentication - no password scraping
✓ Legitimate use case: marketing automation platform integration