扫描报告
5 /100
sedna
SEDNA integration for maritime shipping collaboration platform
Documentation-only skill with no executable code; all declared capabilities (shell, network) are appropriately scoped and documented.
可以安装
No action needed. The skill is a simple SKILL.md file with no malicious functionality.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:32 - npm install -g @membranehq/cli; SKILL.md:38 - membrane login |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:7 - compatibility states 'Requires network access' |
| 文件系统 | NONE | NONE | — | No file operations mentioned in SKILL.md |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://docs.sedna.io/ SKILL.md:19 目录结构
1 文件 · 4.3 KB · 124 行 Markdown 1f · 124L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest | npm | 否 | Official Membrane CLI; version pinned to latest in documentation |
安全亮点
✓ No executable code present - skill is documentation-only
✓ Network access declared in compatibility section
✓ Shell commands are standard CLI operations (npm install, membrane CLI)
✓ No credential harvesting or sensitive data access
✓ Uses official Membrane SDK for all API interactions
✓ Credential management handled server-side by Membrane (no local secrets)
✓ No base64, eval, or obfuscated code patterns