扫描报告
5 /100
onethread
Onethread integration for managing data, records, and automating workflows
A legitimate Onethread integration skill using the Membrane CLI platform. Well-documented with transparent behavior, OAuth-based auth flow, and no suspicious patterns.
可以安装
Skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:26 - npm install -g @membranehq/cli |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:31 - membrane login, membrane connect |
| 文件系统 | NONE | NONE | — | No file operations declared or observed |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.onethread.com/ SKILL.md:19 目录结构
1 文件 · 4.3 KB · 123 行 Markdown 1f · 123L
└─
SKILL.md
Markdown
安全亮点
✓ Well-documented skill with clear purpose and behavior description
✓ Uses OAuth/browser-based authentication, no hardcoded credentials
✓ All API interactions go through Membrane's secure proxy infrastructure
✓ Credential lifecycle managed server-side by Membrane platform
✓ No credential harvesting or environment variable access
✓ No obfuscation, base64 encoding, or suspicious code patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Reputable vendor (Membrane HQ) with public GitHub repository
✓ Open source skill definition (MIT license)