扫描报告
20 /100
function
Function integration for Membrane — manage Deals, Persons, Organizations, Leads, Projects, Pipelines via the Membrane CLI
Documentation-only skill that describes Membrane CLI integration for SaaS connections; no executable code present, all behaviors are declared in SKILL.md.
可以安装
No immediate action required. Consider pinning the CLI version instead of using @latest to prevent unexpected behavior changes.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | CLI uses @latest tag instead of pinned version 供应链 | SKILL.md:35 |
| 低危 | External URL points to unrelated documentation 文档欺骗 | SKILL.md:17 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | SKILL.md mentions credential storage at ~/.membrane/credentials.json but no dire… |
| 网络访问 | READ | READ | ✓ 一致 | All network activity is through the documented Membrane CLI for API integration |
| 命令执行 | NONE | READ | ✓ 一致 | SKILL.md describes npx CLI commands; no direct shell execution beyond the docume… |
1 项发现
中危 外部 URL 外部 URL
https://www.mathworks.com/help/matlab/ref/function.html SKILL.md:17 目录结构
1 文件 · 4.5 KB · 115 行 Markdown 1f · 115L
└─
SKILL.md
Markdown
安全亮点
✓ No executable code present in the skill — purely documentation
✓ All network operations are documented and routed through the Membrane CLI
✓ Credential management is delegated to the Membrane platform as documented
✓ No sensitive file access detected (no reading of ~/.ssh, ~/.aws, .env, etc.)
✓ No base64-encoded payloads, reverse shells, or obfuscated code
✓ No credential harvesting or data exfiltration patterns observed