扫描报告
0 /100
nocodb
Nocodb integration. Manage Projects, Users, Roles. Use when the user wants to interact with Nocodb data.
A legitimate single-file Nocodb integration skill that uses the Membrane CLI to interact with Nocodb, with no hidden functionality, no scripts, and no concerning behavior beyond declared network access.
可以安装
No action needed. The skill is safe to use as documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access declared or observed. |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md declares network access for Membrane CLI and Nocodb API interaction. |
| 命令执行 | NONE | NONE | — | No shell execution beyond documented npm/membrane CLI commands. |
| 环境变量 | NONE | NONE | — | No environment variable access observed. |
| 技能调用 | NONE | NONE | — | No cross-skill invocation declared. |
| 剪贴板 | NONE | NONE | — | No clipboard access. |
| 浏览器 | NONE | NONE | — | No browser automation. |
| 数据库 | NONE | NONE | — | Nocodb access is through API via Membrane proxy, not direct DB. |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://docs.nocodb.com/ SKILL.md:19 目录结构
1 文件 · 4.3 KB · 129 行 Markdown 1f · 129L
└─
SKILL.md
Markdown
安全亮点
✓ Single-file skill with no hidden scripts or binary code.
✓ All functionality is documented inline in SKILL.md — no doc-to-code mismatch.
✓ Delegates authentication to Membrane (open-source, MIT license) — no hardcoded credentials.
✓ Credentials are managed server-side by Membrane, not stored locally — reduces credential theft risk.
✓ Skill explicitly discourages asking users for API keys, directing them to use connections instead.
✓ No external dependencies bundled within the skill (no requirements.txt, package.json, etc.).
✓ No obfuscation, base64, eval, or anti-analysis patterns present.
✓ No sensitive path access (~/.ssh, ~/.aws, .env) observed.
✓ No persistence mechanisms, supply chain issues, or prompt injection vectors.