klazify 安全扫描报告 — 可信 | ClawSafe

5 /100

klazify

Klazify integration for web scraping and data extraction via Membrane CLI

Pure documentation-only skill that uses the Membrane CLI to interact with Klazify API. No executable code, scripts, or hidden functionality detected.

技能名称klazify

分析耗时26.1s

引擎pi

✓

可以安装

Skill is safe to use. No action required.

安全发现 1 项

严重性	安全发现	位置
低危	npm package version not pinned 供应链 The CLI is installed with `npm install -g @membranehq/cli` without specifying a version. This could lead to unexpected updates. `npm install -g @membranehq/cli` → Consider pinning to a specific version: `npm install -g @membranehq/[email protected]`	`SKILL.md:28`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No file operations declared or performed
网络访问	`READ`	`READ`	✓ 一致	API calls to Klazify through membrane CLI (documented)
命令执行	`WRITE`	`WRITE`	✓ 一致	npm install -g @membranehq/cli and membrane CLI commands (documented)
环境变量	`NONE`	`NONE`	—	No environment variable access detected
技能调用	`NONE`	`NONE`	—	No skill invocation detected
剪贴板	`NONE`	`NONE`	—	No clipboard access detected
浏览器	`NONE`	`NONE`	—	Browser auth via membrane login flow (documented OAuth)
数据库	`NONE`	`NONE`	—	No database access detected

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://www.klazify.com/documentation

SKILL.md:19

1 文件 · 5.1 KB · 130 行

Markdown 1f · 130L

└─ 📝 SKILL.md Markdown 130L · 5.1 KB

包名	版本	来源	已知漏洞	备注
`@membranehq/cli`	`*`	npm	否	Version not pinned

✓ Pure documentation skill - no executable code to analyze

✓ All functionality clearly documented in SKILL.md

✓ Uses established Membrane CLI tool for auth (OAuth flow, not API key handling)

✓ No credential harvesting or exfiltration detected

✓ No obfuscated code or suspicious patterns

✓ Best practices section emphasizes secure patterns