time-doctor 安全扫描报告 — 可信 | ClawSafe

5 /100

time-doctor

Time Doctor integration. Manage data, records, and automate workflows. Use when the user wants to interact with Time Doctor data.

Documentation-only skill that describes legitimate Time Doctor API integration via the Membrane CLI, with no implementation code, no hidden functionality, and no security risks.

技能名称time-doctor

分析耗时21.4s

引擎pi

✓

可以安装

This skill is safe to use. It contains only documentation for a legitimate API integration tool with no executable code or suspicious behavior.

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://www.timedoctor.com/api/

SKILL.md:19

目录结构

1 文件 · 4.4 KB · 127 行

Markdown 1f · 127L

└─ 📝 SKILL.md Markdown 127L · 4.4 KB

安全亮点

✓ Documentation-only skill with no executable code

✓ No credential harvesting — explicitly instructs to use Membrane for auth lifecycle

✓ No sensitive path access (no ~/.ssh, ~/.aws, .env references)

✓ No network requests to suspicious endpoints

✓ No data exfiltration behavior

✓ Documented commands (npm install, membrane CLI) are appropriate for an API integration skill

✓ Explicitly warns against asking users for API keys or tokens

✓ References legitimate, well-known services (Membrane, Time Doctor API)