中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 15/100
上次扫描:1 天前 重新扫描
15 /100
teller
Teller integration. Manage data, records, and automate workflows. Use when the user wants to interact with Teller data.
Documentation-only skill for Teller/Membrane integration with all behavior declared; minor supply chain concern from unpinned npm CLI but no direct security impact.
技能名称teller
分析耗时26.8s
引擎pi
可以安装
No immediate action required. Consider pinning the CLI version (e.g., @membranehq/[email protected]) for reproducible builds. The Membrane proxy model is a sound security architecture.

安全发现 2 项

严重性 安全发现 位置
低危
Unpinned npm CLI dependency 供应链
The skill instructs to install @membranehq/cli without a version pin. This allows resolution to a different (potentially malicious) version on future installs.
npm install -g @membranehq/cli
→ Pin to a specific version: npm install -g @membranehq/[email protected]
 SKILL.md:24
提示
Unofficial npm package domain 供应链
Uses @membranehq namespace on npm public registry. While legitimate, organization-owned packages on public registries present inherent supply chain risk.
npm install -g @membranehq/cli
→ Verify package integrity via npm provenance or checksum if available. Consider using a private registry mirror for higher assurance.
 SKILL.md:24
资源类型声明权限推断权限状态证据
网络访问 WRITE WRITE ✓ 一致 SKILL.md:38-57 - membrane request command with arbitrary HTTP methods
命令执行 WRITE WRITE ✓ 一致 SKILL.md:24 - npm install -g @membranehq/cli; SKILL.md:28-34 - membrane login/co…
文件系统 NONE NONE No file operations declared or observed
环境变量 NONE NONE SKILL.md explicitly states 'never ask the user for API keys or tokens' and uses …
凭证访问 NONE NONE SKILL.md:58 - 'Let Membrane handle credentials — never ask the user for API keys…
2 项发现
🔗
中危 外部 URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
中危 外部 URL 外部 URL
https://teller.com/docs
SKILL.md:19

目录结构

1 文件 · 4.2 KB · 124 行
Markdown 1f · 124L
└─ 📝 SKILL.md Markdown 124L · 4.2 KB

依赖分析 1 项

包名版本来源已知漏洞备注
@membranehq/cli unpinned npm Global npm install without version constraint

安全亮点

✓ No hidden or undocumented functionality — all capabilities declared in SKILL.md
✓ Credential management delegated to Membrane (no local secret storage)
✓ Network requests routed through Membrane proxy with server-side auth lifecycle
✓ Best practices documented: prefer pre-built actions over raw API calls
✓ No sensitive file paths (~/.ssh, ~/.aws, .env) accessed
✓ No obfuscation techniques (base64, eval, atob) detected
✓ No credential harvesting or exfiltration behavior
✓ No persistence mechanisms (cron, startup hooks, backdoors)
✓ No reverse shell or C2 communication patterns