vivomeetings 安全扫描报告 — 可信 | ClawSafe

5 /100

vivomeetings

Vivomeetings integration for video conferencing management

Vivomeetings integration skill using Membrane CLI - no malicious behavior detected, all capabilities declared in documentation.

技能名称vivomeetings

分析耗时24.2s

引擎pi

✓

可以安装

This skill is safe to use. No action required.

安全发现 1 项

严重性	安全发现	位置
低危	CLI version not pinned Uses @latest for npm install -g @membranehq/cli and npx commands. While not a security vulnerability per se, this could lead to unexpected behavior if a breaking change is released. `npm install -g @membranehq/cli` → Consider pinning to a specific version (e.g., @1.2.3) for reproducibility.	`SKILL.md:24`

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:45 - membrane request through proxy
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:24 - npm install -g @membranehq/cli
文件系统	`NONE`	`NONE`	—	No file operations found
环境变量	`NONE`	`NONE`	—	No environment access found
技能调用	`NONE`	`NONE`	—	No skill invocation found
剪贴板	`NONE`	`NONE`	—	No clipboard access found
浏览器	`NONE`	`NONE`	—	No browser automation found
数据库	`NONE`	`NONE`	—	No database access found

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://developers.vivomeetings.com/

SKILL.md:19

1 文件 · 4.3 KB · 123 行

Markdown 1f · 123L

└─ 📝 SKILL.md Markdown 123L · 4.3 KB

包名	版本	来源	已知漏洞	备注
`@membranehq/cli`	`@latest`	npm	否	Version not pinned - uses @latest

✓ Credentials handled server-side by Membrane - no local secret storage

✓ All shell commands are documented and necessary for the integration

✓ No credential harvesting or exfiltration patterns detected

✓ No base64, eval, or obfuscated code found

✓ No hidden functionality - all behavior declared in SKILL.md

✓ Network access only through documented Membrane proxy

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ No curl|bash or wget|sh remote execution patterns