扫描报告
5 /100
loyjoy
LoyJoy integration - conversational marketing platform management via Membrane CLI
This is a pure documentation skill (SKILL.md only) describing how to use the legitimate Membrane CLI to interact with the LoyJoy conversational marketing platform. No executable code, scripts, or suspicious patterns present.
可以安装
This skill is safe to use. It documents only the use of a standard npm package (@membranehq/cli) for API integration, with no local credential storage or suspicious behavior.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access required or used |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md declares network access for API calls through Membrane CLI |
| 命令执行 | NONE | NONE | — | No shell commands executed directly; documents npm install and membrane CLI usag… |
| 环境变量 | NONE | NONE | — | No environment variable access or credential storage |
| 技能调用 | NONE | NONE | — | No skill-to-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | Browser authentication is handled by Membrane CLI (external tool) |
| 数据库 | NONE | NONE | — | No database access |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.loyjoy.com/ SKILL.md:19 目录结构
1 文件 · 4.3 KB · 126 行 Markdown 1f · 126L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest (via npx) | npm | 否 | Version not pinned but this is by design for CLI documentation |
安全亮点
✓ Pure documentation skill with no executable code
✓ Uses legitimate, publicly available npm package (@membranehq/cli)
✓ Credentials handled by Membrane server-side - no local secrets stored
✓ Clear documentation of all capabilities and intended behavior
✓ No suspicious patterns: no base64, no curl|bash, no eval(), no direct IP connections
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env access)
✓ No credential harvesting or exfiltration
✓ Standard authentication flow through trusted Membrane platform