salesmsg 安全扫描报告 — 低风险 | ClawSafe

20 /100

salesmsg

Salesmsg integration using Membrane CLI to manage Persons, Organizations, Conversations, Users, Numbers, Templates and more.

Salesmsg integration skill that delegates to the Membrane CLI; no malicious behavior detected, but npm package versions are unpinned creating supply chain exposure.

技能名称salesmsg

分析耗时36.9s

引擎pi

✓

可以安装

Pin CLI versions (e.g., @membranehq/[email protected]) to prevent unexpected changes. Prefer pre-built Membrane actions over raw API proxy requests for better auditability.

安全发现 3 项

严重性	安全发现	位置
低危	Unpinned npm global installation 供应链 SKILL.md instructs 'npm install -g @membranehq/cli' without a version pin, fetching whatever version is currently latest. This allows the upstream package to change behavior silently. `npm install -g @membranehq/cli` → Pin to a specific version: npm install -g @membranehq/[email protected]	`SKILL.md:28`
低危	npx uses @latest without version pinning 供应链 The documentation recommends 'npx @membranehq/cli@latest action list' which always fetches the latest release, bypassing any version lock. `npx @membranehq/cli@latest action list --intent=QUERY` → Use a pinned version in all npx invocations to ensure reproducible behavior.	`SKILL.md:77`
提示	Credential handling is opaque 文档欺骗 The skill delegates authentication entirely to the Membrane CLI, which handles tokens server-side. Users cannot audit or inspect credential storage. This is a known trade-off of the abstraction, not a hidden flaw. `Membrane handles authentication and credentials refresh automatically` → Users should trust the Membrane platform (verified MIT license, public repo). For higher assurance, prefer skills that expose credential handling.	`SKILL.md:22`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No direct file reads/writes; npm install writes to global node_modules (implicit…
网络访问	`READ`	`READ`	✓ 一致	membrane request makes outbound API calls through Membrane proxy
命令执行	`WRITE`	`WRITE`	✓ 一致	npm install, membrane login, membrane action run commands declared in SKILL.md l…
环境变量	`NONE`	`NONE`	—	Membrane handles auth server-side; no direct env access observed
技能调用	`NONE`	`NONE`	—	No nested skill invocation declared
剪贴板	`NONE`	`NONE`	—	No clipboard access observed
浏览器	`NONE`	`NONE`	—	Browser used for OAuth flow only (membrane login); no headless browser usage
数据库	`NONE`	`NONE`	—	No direct database access

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://developers.salesmsg.com/

SKILL.md:19

目录结构

1 文件 · 4.5 KB · 135 行

Markdown 1f · 135L

└─ 📝 SKILL.md Markdown 135L · 4.5 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`@membranehq/cli`	`latest (unpinned)`	npm	否	Version not pinned; fetches latest on install

安全亮点

✓ No direct code execution of obfuscated payloads (base64, eval, etc.)

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No data exfiltration or C2 communication observed

✓ No credential harvesting — Membrane manages auth server-side

✓ MIT license, public GitHub repository — auditable

✓ Reputable domain (getmembrane.com, developers.salesmsg.com)

✓ All shell commands are explicitly declared in SKILL.md

✓ No reverse shell, persistence mechanisms, or cron/scheduled task creation