Trusted (risk score 5/100)
Last scanned: 2 days ago
storyscale
StoryScale integration for managing data, records, and workflow automation via Membrane CLI
This is a documentation-only skill that provides guidance on using the Membrane CLI for StoryScale integration. No scripts, code, or hidden functionality exists beyond the SKILL.md documentation.
Skill name: storyscale
Analysis time: 30.8s
Engine: pi
Safe to install
No action needed. The skill is a pure documentation file with no executable code or suspicious behavior.

Security findings: 1

| Severity | Finding | Location |
| --- | --- | --- |
| Low | NPM package not version-pinned | SKILL.md:32 |

The CLI is installed with @membranehq/cli without specifying a version, which could theoretically lead to unexpected updates. This is standard practice for CLI tools and the package is from a known vendor.
npm install -g @membranehq/cli
→ Consider pinning to a specific version (e.g., @membranehq/cli@<version>) for reproducible builds, though this is a minor concern for CLI tools.
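
| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:32 npm install -g @membranehq/cli |
| Network access | READ | READ | ✓ Consistent | SKILL.md:53 membrane request for API calls |
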
2 findings

| Severity | Type | URL | Location |
| --- | --- | --- | --- |
| Medium | External URL | https://getmembrane.com | SKILL.md:7 |
| Medium | External URL | https://developers.storyscale.com/ | SKILL.md:19 |

Directory structure

1 file · 4.3 KB · 123 lines
Markdown 1f · 123L
└─ 📝 SKILL.md Markdown 123L · 4.3 KB

Dependency analysis: 1 item

| Package | Version | Source | Known vulnerabilities | Notes |
| --- | --- | --- | --- | --- |
| @membranehq/cli | * | npm | | Package not version pinned (minor concern) |

Security highlights

✓ No executable scripts or code files present - purely documentation
✓ All shell operations are explicitly declared in SKILL.md
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or suspicious outbound connections
✓ No base64-encoded payloads or obfuscated code
✓ Uses established Membrane CLI toolchain with documented auth handling
✓ No hidden instructions or comments with malicious intent