扫描报告
0 /100
waiverforever
WaiverForever integration for managing waivers, templates, and documents via Membrane CLI
Legitimate WaiverForever integration skill using the Membrane CLI with fully declared network, shell, and credential handling capabilities. No malicious indicators found.
可以安装
No action required. Skill is safe to use.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | npm install -g @membranehq/cli and membrane CLI commands |
| 网络访问 | READ | READ | ✓ 一致 | membrane request CONNECTION_ID /path/to/endpoint |
| 环境变量 | NONE | NONE | — | No environment variable access detected |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.waiverforever.com/ SKILL.md:19 目录结构
1 文件 · 4.4 KB · 126 行 Markdown 1f · 126L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest (unpinned) | npm | 否 | CLI tool used for integration; version pinning not required for skill docs |
安全亮点
✓ All capabilities explicitly declared in documentation
✓ Credential handling is server-side with no local secrets storage
✓ No obfuscation, base64-encoded commands, or anti-analysis patterns
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution
✓ No data exfiltration or C2 communication patterns
✓ Uses legitimate Membrane CLI for API integration
✓ Best practices documented for secure credential handling