Low risk (risk score 5/100)
Last scanned: 1 day ago
getform
Getform integration. Manage data, records, and automate workflows.
Documentation-only skill that describes using the Membrane CLI to interact with Getform, with all functionality clearly declared and no hidden malicious behavior.
Skill name: getform
Analysis time: 26.0s
Engine: pi
OK to install
This skill is safe to use. When executing npm install -g, consider pinning to a specific version for reproducibility.

Security findings: 2

Severity | Finding | Location
Low
Unpinned npm package version (category: Supply chain)
The skill instructs to install @membranehq/cli without specifying a version, which could lead to unexpected behavior if the package changes.
npm install -g @membranehq/cli
→ Consider pinning to a specific version: npm install -g @membranehq/cli@<version>
SKILL.md:27
Info
External URLs present (category: Documentation deception)
Skill references external URLs (getmembrane.com, getform.io) which is expected for a legitimate integration skill.
https://getmembrane.com
→ No action needed - external URLs are normal for integration documentation
SKILL.md:7
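Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | NONE | | No file operations in SKILL.md
Network access | READ | READ | ✓ Consistent | Uses Membrane CLI for API requests to Getform
Command execution | WRITE | WRITE | ✓ Consistent | Uses npm install -g and membrane CLI commands (documented)
Environment variables | NONE | NONE | | No environment variable access documented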
2 findings
Medium: External URL
https://getmembrane.com
SKILL.md:7
Medium: External URL
https://getform.io/docs
SKILL.md:19

Directory structure

1 file · 4.3 KB · 122 lines
Markdown 1f · 122L
└─ 📝 SKILL.md Markdown 122L · 4.3 KB

Security highlights

✓ No executable code - documentation only
✓ All shell commands and network access clearly declared in SKILL.md
✓ Credentials managed through Membrane's secure connection system, not local API keys
✓ No access to sensitive files (~/.ssh, ~/.aws, .env)
✓ No obfuscation or base64-encoded content
✓ No credential harvesting behavior
✓ Standard legitimate integration documentation