inedo-otter 安全扫描报告 — 低风险 | ClawSafe

5 /100

inedo-otter

Inedo Otter integration for infrastructure automation and deployment management

Documentation-only skill for Inedo Otter integration using Membrane CLI as a secure authentication intermediary. No implementation code, no credential harvesting, and all network operations flow through the documented Membrane service.

技能名称inedo-otter

分析耗时20.9s

引擎pi

✓

可以安装

This skill is safe to use. All operations use Membrane's CLI which handles authentication server-side. No additional security controls needed.

安全发现 1 项

严重性	安全发现	位置
提示	External URL references SKILL.md references external URLs (getmembrane.com, inedo.com) which is standard for integration documentation `https://getmembrane.com` → No action needed - external documentation links are expected for integration skills	`SKILL.md:7`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No filesystem access declared or required
网络访问	`READ`	`READ`	✓ 一致	Network access through Membrane CLI only
命令执行	`WRITE`	`WRITE`	✓ 一致	npm install and membrane CLI commands documented
环境变量	`NONE`	`NONE`	—	No environment variable access

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://inedo.com/support/documentation/otter

SKILL.md:19

目录结构

1 文件 · 4.5 KB · 139 行

Markdown 1f · 139L

└─ 📝 SKILL.md Markdown 139L · 4.5 KB

安全亮点

✓ Uses Membrane as a secure auth intermediary - credentials never stored locally

✓ No executable code - documentation only with no attack surface

✓ No credential harvesting or exfiltration patterns

✓ No suspicious patterns (base64, eval, reverse shell)

✓ Clear documentation of all CLI operations

✓ Follows best practices: discover actions before custom API calls