扫描报告
5 /100
trello
Manage Trello boards, lists, and cards via the Trello REST API
Documentation-only Trello skill with fully declared network access and shell usage. No malicious behavior detected.
可以安装
Skill is safe to use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access in skill |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:22-23 - curl to api.trello.com |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:22 - curl commands documented |
| 环境变量 | READ | READ | ✓ 一致 | SKILL.md:15-16 - TRELLO_API_KEY, TRELLO_TOKEN |
8 项发现
中危 外部 URL 外部 URL
https://developer.atlassian.com/cloud/trello/rest/ SKILL.md:4 中危 外部 URL 外部 URL
https://trello.com/app-key SKILL.md:14 中危 外部 URL 外部 URL
https://api.trello.com/1/members/me/boards?key=$TRELLO_API_KEY&token=$TRELLO_TOKEN SKILL.md:28 中危 外部 URL 外部 URL
https://api.trello.com/1/boards/ SKILL.md:33 中危 外部 URL 外部 URL
https://api.trello.com/1/lists/ SKILL.md:38 中危 外部 URL 外部 URL
https://api.trello.com/1/cards?key=$TRELLO_API_KEY&token=$TRELLO_TOKEN SKILL.md:43 中危 外部 URL 外部 URL
https://api.trello.com/1/cards/ SKILL.md:51 中危 外部 URL 外部 URL
https://api.trello.com/1/members/me/boards?key=$TRELLO_API_KEY&token=$TRELLO_TOKEN&fields=name SKILL.md:77 目录结构
2 文件 · 2.7 KB · 89 行 Markdown 1f · 84L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ Documentation-only skill with no executable code - purely instructive examples
✓ All network activity is to legitimate Trello API endpoints (api.trello.com)
✓ Credentials used locally for API authentication only, not exfiltrated
✓ No obfuscation, base64 encoding, or suspicious patterns
✓ Clear warning in SKILL.md about keeping API key and token secret
✓ Rate limits and security warnings properly documented
✓ No sensitive local file access (no ~/.ssh, ~/.aws, .env, etc.)
✓ No supply chain concerns - no dependencies