扫描报告
10 /100
lyanthe
Lyanthe integration for managing data, records, and workflow automation via the Membrane CLI
This skill is a straightforward Membrane CLI wrapper for interacting with Lyanthe. It contains only documentation in SKILL.md with no hidden scripts, credential harvesting, or undeclared behavior.
可以安装
No action needed. The skill is a well-documented Membrane CLI integration. Consider pinning the npm package version in production deployments.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md uses bash code blocks (npm install, membrane login, membrane connect, m… |
| 文件系统 | NONE | NONE | — | No file operations declared or performed |
| 网络访问 | NONE | NONE | — | Network access is fully delegated to the Membrane CLI (membrane request), no raw… |
| 环境变量 | NONE | NONE | — | No environment variable access declared or performed |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | Browser opens for OAuth login only; authentication is external and user-mediated |
| 数据库 | NONE | NONE | — | No direct database access |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://lyanthe.com/docs SKILL.md:19 目录结构
1 文件 · 4.2 KB · 124 行 Markdown 1f · 124L
└─
SKILL.md
Markdown
安全亮点
✓ All capabilities (shell access) are explicitly declared through bash code blocks in SKILL.md
✓ Credentials are managed by Membrane CLI with no local secret storage — explicitly documented as a best practice
✓ No credential harvesting or environment variable scanning observed
✓ No obfuscated code, base64 payloads, or suspicious string patterns
✓ No sensitive file access (.ssh, .aws, .env paths not referenced)
✓ No download-and-execute patterns (curl|bash, wget|sh) — npm install is a standard package manager operation
✓ No data exfiltration or C2 communication indicators
✓ The skill delegates all network I/O to the Membrane CLI which handles auth transparently server-side
✓ Source repository (github.com/membranedev/application-skills) is publicly verifiable