扫描报告
10 /100
tecalliance
TecAlliance integration for automotive data management
A legitimate TecAlliance API integration skill that uses the documented Membrane CLI for automotive data operations with no malicious code or hidden functionality.
可以安装
Approve for use. The skill is well-documented and performs standard API integration through a legitimate third-party CLI tool.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Third-party CLI dependency 供应链 | SKILL.md:31 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | WRITE | ✓ 一致 | npm install -g writes to global node_modules (implicit) |
| 网络访问 | READ | READ | ✓ 一致 | membrane request for TecAlliance API calls |
| 命令执行 | NONE | WRITE | ✓ 一致 | membrane CLI commands documented in SKILL.md |
| 环境变量 | NONE | NONE | — | No environment variable access detected |
| 技能调用 | NONE | NONE | — | No skill chaining detected |
| 剪贴板 | NONE | NONE | — | No clipboard access detected |
| 浏览器 | NONE | READ | ✓ 一致 | membrane login opens browser for OAuth authentication |
| 数据库 | NONE | NONE | — | No database access detected |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developer.tecalliance.services/ SKILL.md:19 目录结构
1 文件 · 4.9 KB · 141 行 Markdown 1f · 141L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest | npm | 否 | Version not pinned - recommends using @latest |
安全亮点
✓ No executable code present - only documentation
✓ No obfuscated or base64-encoded content
✓ No credential harvesting patterns detected
✓ All functionality clearly documented in SKILL.md
✓ Uses standard OAuth browser flow for authentication
✓ No access to sensitive system paths (~/.ssh, ~/.aws, etc.)
✓ No suspicious network patterns (no direct IP calls, no C2 indicators)
✓ Legitimate business use case (automotive data API integration)
✓ External URLs point to legitimate services (getmembrane.com, tecalliance.services)