Low risk - risk score 15/100
Last scanned: 2 days ago
volkern-crm
Automate Volkern CRM operations including lead management, appointment scheduling, task tracking, service catalog, WhatsApp messaging, sales pipeline, quotations, and contracts
Legitimate Volkern CRM MCP server integration with no malicious behavior detected. All functionality aligns with documented CRM operations.
Skill name: volkern-crm
Analysis time: 40.1s
Engine: pi
OK to install
Skill is safe to use. No security concerns identified.

Security findings: 2

Severity | Finding | Location
Info
Network access not explicitly declared
The SKILL.md requirements section does not explicitly declare network:READ permission, though API integration is clearly documented throughout the skill description
requires: api_key: volkern
→ Consider adding network:READ to the requirements declaration for transparency
skill.md:1
Info
Standard MCP server implementation
Uses @modelcontextprotocol/sdk with proper error handling and input validation via Zod schemas
import { Server } from '@modelcontextprotocol/sdk/server/index.js'
→ No action needed - this is standard practice
src/index.ts:1
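Resource type | Declared permission | Inferred permission | Status | Evidence
Network access | NONE | READ | ✓ Consistent | src/index.ts:18 - fetch(url, options) to volkern.app/api
Filesystem | NONE | NONE | | No filesystem operations in code
Command execution | NONE | NONE | | No shell execution in code
Environment variables | NONE | READ | ✓ Consistent | src/index.ts:15 - Only reads VOLKERN_API_KEY and VOLKERN_API_URL for CRM authent…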
8 findings
Severity | Type | Value | Location
Medium | External URL | https://volkern.app/api | dist/index.js:8
Medium | External URL | https://opencollective.com/express | package-lock.json:604
Medium | External URL | https://volkern.app | package.json:33
Medium | External URL | https://linkedin.com/in/mariagarcia | skill.md:359
Medium | External URL | https://volkern.app/cotizacion/abc123 | skill.md:491
Medium | External URL | https://volkern.app/contrato/xyz789 | skill.md:564
Info | Email address | [email protected] | package.json:27
Info | Email address | [email protected] | skill.md:353

Directory structure

8 files · 109.8 KB · 3244 lines
Markdown 2f · 935L JSON 3f · 813L TypeScript 2f · 761L JavaScript 1f · 735L
├─ 📁 dist
│ ├─ 📜 index.d.ts TypeScript 2L · 31 B
│ └─ 📜 index.js JavaScript 735L · 30.1 KB
├─ 📁 src
│ └─ 📜 index.ts TypeScript 759L · 25.9 KB
├─ 📋 package-lock.json JSON 744L · 23.4 KB
├─ 📋 package.json JSON 53L · 1.2 KB
├─ 📝 readme.md Markdown 228L · 5.7 KB
├─ 📝 skill.md Markdown 707L · 23.1 KB
└─ 📋 tsconfig.json JSON 16L · 392 B

Dependency analysis: 2 items

Package | Version | Source | Known vulnerabilities | Notes
@modelcontextprotocol/sdk | ^0.5.0 | npm | | Official MCP SDK from Anthropic
zod | ^3.23.8 | npm | | Well-maintained schema validation library

Security highlights

✓ Clean codebase with no obfuscation or suspicious patterns
✓ API key authentication properly handled via environment variables
✓ No shell execution, filesystem access, or credential harvesting
✓ All external URLs point to legitimate volkern.app domain
✓ Comprehensive documentation matches actual implementation
✓ Standard MCP protocol implementation with proper error handling
✓ No base64 encoding, eval(), or dynamic code execution
✓ Dependencies (@modelcontextprotocol/sdk, zod) are from reputable sources