Trusted - Risk score 5/100
Last scanned: 2 days ago
footprint
Footprint integration for sustainability management platform
Documentation-only skill for Footprint/Membrane CLI integration with all functionality properly declared and no malicious indicators.
Skill name: footprint
Analysis time: 26.0s
Engine: pi
OK to install
This skill is safe to use. The npm global install lacks version pinning, but this is acceptable for CLI tools and is declared in documentation.

Security findings: 1

Severity: Low
Finding: npm global install without version pinning
The SKILL.md instructs users to install @membranehq/cli globally without pinning to a specific version.
npm install -g @membranehq/cli
→ Consider pinning to a major version (e.g., @membranehq/cli@latest) to avoid unexpected breaking changes, though this is standard practice for CLI tools.
Location: SKILL.md:43

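Resource type | Declared permission | Inferred permission | Status | Evidence
File system | NONE | NONE | | No file operations in this documentation skill
Network access | READ | READ | ✓ Consistent | SKILL.md:80 - Uses membrane CLI to make API requests through Membrane proxy
Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:43 - Uses npm install and membrane CLI commands
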
2 findings
Medium | External URL | https://getmembrane.com | SKILL.md:7
Medium | External URL | https://usefootprint.com/docs | SKILL.md:19

Directory structure

1 file · 6.0 KB · 217 lines
Markdown 1f · 217L
└─ 📝 SKILL.md Markdown 217L · 6.0 KB

Security highlights

✓ Documentation-only skill with no executable code or scripts
✓ All shell and network operations are explicitly declared in SKILL.md
✓ No credential harvesting - explicitly instructs to use browser auth and connections
✓ No base64, eval, curl|bash, or other suspicious execution patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No hidden functionality or disguised behavior
✓ Uses legitimate Membrane platform for authentication (no direct API key handling)