扫描报告
15 /100
ubuntu-landscape
Ubuntu Landscape integration skill for systems management
This is a documentation-only skill that provides guidance for using Ubuntu Landscape with Membrane CLI; no malicious code or hidden functionality detected.
可以安装
Skill is safe to use. Consider pinning the Membrane CLI to a specific version instead of using @latest to reduce supply chain risk.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Unpinned npm dependency version 供应链 | SKILL.md:31 |
| 提示 | Documentation-only skill 文档欺骗 | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md line 30: npm install requires network access |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: CLI commands (membrane login, membrane action run) |
| 文件系统 | NONE | NONE | — | No file operations performed |
| 环境变量 | NONE | NONE | — | No environment variable access detected |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | Browser auth handled by Membrane SDK |
| 数据库 | NONE | NONE | — | No database access |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://landscape.canonical.com/set-up-server SKILL.md:19 目录结构
1 文件 · 4.4 KB · 123 行 Markdown 1f · 123L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | * (latest) | npm | 否 | Version not pinned; uses @latest tag |
安全亮点
✓ No code execution or scripts present in this skill
✓ All capabilities and behavior are clearly documented in SKILL.md
✓ No credential harvesting - Membrane handles authentication transparently
✓ No data exfiltration - only interacts with declared Ubuntu Landscape API
✓ No sensitive file access (~/.ssh, ~/.aws, .env)
✓ No base64 encoded commands or obfuscation
✓ No suspicious network behavior or hardcoded IPs
✓ Uses legitimate, documented CLI tool (@membranehq/cli)