scout-apm 安全扫描报告 — 低风险 | ClawSafe

15 /100

scout-apm

Scout APM integration — query traces, endpoints, errors, N+1 queries, and deployments via Membrane CLI

Scout APM integration skill using the Membrane CLI with appropriate declared permissions and no malicious behavior detected.

技能名称scout-apm

分析耗时32.8s

引擎pi

✓

可以安装

Approve for use. Consider pinning the npm CLI version for supply chain hygiene.

安全发现 2 项

严重性	安全发现	位置
低危	Unpinned npm global package 供应链 The skill installs @membranehq/cli without a pinned version, using 'npm install -g @membranehq/cli'. This allows the package maintainer to publish a new version that could change behavior or be compromised. `npm install -g @membranehq/cli` → Pin to a specific version: npm install -g @membranehq/[email protected]	`SKILL.md:31`
低危	Implied but not declared network:READ scope 文档欺骗 The skill proxies requests to Scout APM API via membrane but does not explicitly declare network:READ in its allowed-tools mapping, though it is implicitly required. `No allowed-tools or capabilities declaration present in frontmatter` → Add an allowed-tools mapping to SKILL.md frontmatter that explicitly declares network:READ for the membrane request proxy functionality	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:47-64 — membrane request/connect operations for Scout APM API
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:31 — npm install -g @membranehq/cli; SKILL.md:35 — membrane login/conne…
文件系统	`NONE`	`NONE`	—	No filesystem operations found
环境变量	`NONE`	`NONE`	—	No environment variable access detected
技能调用	`NONE`	`NONE`	—	No nested skill invocations
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://docs.scoutapm.com/

SKILL.md:19

1 文件 · 4.4 KB · 127 行

Markdown 1f · 127L

└─ 📝 SKILL.md Markdown 127L · 4.4 KB

包名	版本	来源	已知漏洞	备注
`@membranehq/cli`	`*`	npm	否	No version pinned; installed globally via npm install -g

✓ No credential theft — skill explicitly delegates auth to Membrane CLI and states never to ask for API keys

✓ No sensitive path access — no reads of ~/.ssh, ~/.aws, .env, or similar

✓ No obfuscation — all code is plain text, no base64 or eval

✓ No data exfiltration — all network calls are to documented external services (getmembrane.com, Scout APM API)

✓ No reverse shell or C2 infrastructure

✓ No hidden HTML comments or embedded payloads

✓ Clear documentation matching actual behavior — no doc-to-code mismatch

✓ Credential lifecycle handled server-side by Membrane, not stored locally