asavie 安全扫描报告 — 低风险 | ClawSafe

10 /100

asavie

Asavie integration for managing data, records, and workflow automation via Membrane CLI

Asavie integration skill contains only documentation with no malicious indicators; all shell commands are explicitly declared and legitimate for CLI-based integration.

技能名称asavie

分析耗时31.5s

引擎pi

✓

可以安装

Skill is safe to use. No action required.

安全发现 1 项

严重性	安全发现	位置
低危	npm package version not pinned 供应链 SKILL.md uses 'npm install -g @membranehq/cli' without specifying a version. While not inherently malicious, this could lead to unexpected behavior if the package changes. `npm install -g @membranehq/cli` → Consider pinning to a specific version: npm install -g @membranehq/[email protected]	`SKILL.md:31`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md:line 31 npm install -g requires filesystem WRITE
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:line 73 membrane request allows HTTP API calls
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:lines 31-88 all shell commands documented
环境变量	`NONE`	`NONE`	—	No environment variable access declared or observed

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://www.asavie.com/developer-portal/

SKILL.md:19

目录结构

1 文件 · 5.2 KB · 179 行

Markdown 1f · 179L

└─ 📝 SKILL.md Markdown 179L · 5.2 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`@membranehq/cli`	`latest`	npm	否	Version not pinned

安全亮点

✓ All shell commands explicitly documented in SKILL.md

✓ No hidden or undocumented functionality detected

✓ No credential theft patterns (credentials managed server-side by Membrane)

✓ No base64 encoding, eval patterns, or obfuscation

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No external IP connections (all routed through Membrane proxy)

✓ No data exfiltration indicators

✓ No persistence mechanisms (no cron jobs, startup hooks, or backdoors)