扫描报告
5 /100
automox
Automox integration — manage patch management, configuration, and software deployment via Membrane CLI
A legitimate Automox integration skill using the Membrane CLI with no malicious behavior, hidden functionality, or credential theft — all operations are declared and within documented bounds.
可以安装
This skill is safe to use. Monitor for any future additions of scripts or binary executables that are not reviewed.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:30 — npm install -g @membranehq/cli |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:47-92 — membrane request for API proxy |
| 文件系统 | NONE | NONE | — | No filesystem operations documented or present |
| 环境变量 | NONE | NONE | — | SKILL.md:94 explicitly states not to ask for API keys; Membrane handles auth ser… |
| 技能调用 | NONE | NONE | — | No cross-skill invocation documented |
| 剪贴板 | NONE | NONE | — | No clipboard access present |
| 浏览器 | READ | READ | ✓ 一致 | SKILL.md:34-36 — browser window for OAuth login flow |
| 数据库 | NONE | NONE | — | No database operations documented or present |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developer.automox.com/ SKILL.md:19 目录结构
1 文件 · 4.4 KB · 131 行 Markdown 1f · 131L
└─
SKILL.md
Markdown
安全亮点
✓ No executable scripts or binary files present — only markdown documentation
✓ All shell operations (npm install) are explicitly documented in SKILL.md
✓ No credential theft: credentials are handled via browser-based OAuth through Membrane with no raw API key storage
✓ No data exfiltration: all network traffic is to/from Automox API via the Membrane proxy
✓ No obfuscation, encoded payloads, or anti-analysis techniques
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env, etc.)
✓ No base64 execution, curl|bash, or remote script fetching
✓ SKILL.md provides clear best practices recommending use of Membrane's built-in actions over raw API calls