扫描报告
5 /100
proofpoint
Proofpoint integration - manage data, records, and automate workflows using the Membrane CLI
A legitimate Proofpoint integration skill using the Membrane CLI, with all capabilities (shell:WRITE, network:READ) explicitly declared and no hidden functionality.
可以安装
No action required. The skill is a standard integration tool with transparent documentation and declared permissions.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:29 - npm install -g @membranehq/cli |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:42-62 - membrane request for API proxying |
| 文件系统 | NONE | NONE | — | No filesystem access detected |
| 环境变量 | NONE | NONE | — | SKILL.md:64 - 'never ask for API keys' |
| 技能调用 | NONE | NONE | — | No skill invocation detected |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation SKILL.md:19 目录结构
1 文件 · 4.4 KB · 126 行 Markdown 1f · 126L
└─
SKILL.md
Markdown
安全亮点
✓ No executable code present - only documentation (SKILL.md)
✓ All shell commands are explicitly declared in documentation
✓ Network access declared and scoped to Proofpoint API via Membrane proxy
✓ Credentials handled server-side by Membrane (no local secret storage)
✓ Best practices documented: prefer built-in actions, discover before building
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64-encoded payloads or obfuscated code
✓ No curl|bash or wget|sh remote script execution
✓ Clear authentication flow documented (browser-based login)
✓ Version-pinned CLI invocation (npx @membranehq/cli@latest)