扫描报告
10 /100
chift
Chift integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chift data.
This is a documentation-only skill that guides users to install and use a legitimate third-party CLI (Membrane) for Chift integration, with all behavior declared in SKILL.md.
可以安装
This skill is safe to use. The only action is installing a documented npm CLI tool, which is standard practice. No additional precautions needed beyond standard npm package installation practices.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | SKILL.md only - no file operations |
| 网络访问 | NONE | NONE | — | Delegated to Membrane CLI which handles all network calls |
| 命令执行 | NONE | NONE | — | CLI installation commands are documented and standard |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No sub-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | Browser auth handled by Membrane CLI |
| 数据库 | NONE | NONE | — | No database access |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://docs.chift.eu/ SKILL.md:19 目录结构
1 文件 · 4.3 KB · 125 行 Markdown 1f · 125L
└─
SKILL.md
Markdown
安全亮点
✓ Documentation-only skill with no executable code
✓ All commands and behaviors fully declared in SKILL.md
✓ Delegates credential management to a well-defined external CLI (Membrane)
✓ No sensitive file paths accessed (no ~/.ssh, ~/.aws, .env access)
✓ No base64 encoding, eval patterns, or obfuscation
✓ No credential harvesting or data exfiltration indicators
✓ Standard npm package installation from official @membranehq/cli registry
✓ Uses official Chift documentation links
✓ No hidden functionality or shadow behavior