扫描报告
5 /100
sendbird
Sendbird integration. Manage Users, Channels. Use when the user wants to interact with Sendbird data.
This is a well-documented Sendbird integration skill using the Membrane CLI. No malicious behavior, hidden functionality, or undeclared capabilities detected.
可以安装
This skill is safe to use. All operations are clearly documented: npm install for CLI setup, OAuth-based authentication, and proxy requests through Membrane's infrastructure.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✓ 一致 | SKILL.md line 33: npm install writes to global node_modules |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md: All network access through Membrane proxy to Sendbird API |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: Declares npm install and membrane CLI usage |
| 环境变量 | NONE | NONE | — | No environment variable access detected |
| 技能调用 | NONE | NONE | — | No skill invocation detected |
| 剪贴板 | NONE | NONE | — | No clipboard access detected |
| 浏览器 | READ | READ | ✓ 一致 | SKILL.md line 37: OAuth browser flow for membrane login |
| 数据库 | NONE | NONE | — | No database access detected |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://sendbird.com/docs/chat/v3/platform/getting-started/basic-concepts SKILL.md:19 目录结构
1 文件 · 4.3 KB · 123 行 Markdown 1f · 123L
└─
SKILL.md
Markdown
安全亮点
✓ Skill is purely documentation with no executable code
✓ All capabilities are clearly declared in SKILL.md
✓ Credentials are handled server-side by Membrane (no local secret storage)
✓ Best practices documented: prefer pre-built actions over raw API calls
✓ No base64 encoding, eval(), or obfuscation detected
✓ No credential harvesting or exfiltration patterns
✓ External URLs point to legitimate service providers (Membrane, Sendbird)
✓ OAuth-based authentication flow for user consent