中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:1 天前 重新扫描
5 /100
ibanity
Ibanity open banking integration using the Membrane CLI
The Ibanity skill is a straightforward open banking integration using the Membrane CLI; no malicious behavior, credential harvesting, or hidden functionality detected.
技能名称ibanity
分析耗时23.6s
引擎pi
可以安装
No action needed. This skill is safe to use as documented.
资源类型声明权限推断权限状态证据
命令执行 WRITE WRITE ✓ 一致 SKILL.md: npm install -g @membranehq/cli; membrane login/connect/action/request …
网络访问 READ READ ✓ 一致 SKILL.md: Proxy requests via membrane request; all external comms routed through…
文件系统 NONE NONE No file read/write operations declared or observed
环境变量 NONE NONE No environment variable access; credentials managed server-side by Membrane
技能调用 NONE NONE No skill self-invocation observed
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE Browser used only for OAuth login flow via Membrane (legitimate, declared)
数据库 NONE NONE No database access
2 项发现
🔗
中危 外部 URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
中危 外部 URL 外部 URL
https://developers.ibanity.com/
SKILL.md:19

目录结构

1 文件 · 4.4 KB · 124 行
Markdown 1f · 124L
└─ 📝 SKILL.md Markdown 124L · 4.4 KB

依赖分析 1 项

包名版本来源已知漏洞备注
@membranehq/cli latest npm Version can be pinned for reproducibility

安全亮点

✓ Credentials are managed server-side by Membrane — no local secret storage or environment variable harvesting
✓ All external network communication is routed through the Membrane proxy platform
✓ Skill uses a well-known, publicly documented CLI (Membrane) with no obfuscation or base64 payloads
✓ Best practices are explicitly documented (prefer pre-built actions over raw API calls, let Membrane handle credentials)
✓ No credential harvesting, no sensitive file access (~/.ssh, ~/.aws, .env), no data exfiltration
✓ No supply chain risks — npm package is from Membrane (legitimate vendor), version can be pinned with @latest
✓ Documentation is clear and matches observed behavior — no doc-to-code mismatch