扫描报告
10 /100
demandbase
DemandBase integration using Membrane CLI for B2B marketing platform data management
DemandBase integration skill using Membrane CLI is well-documented with declared network and shell permissions, no malicious patterns detected.
可以安装
Skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:8 compatibility field; uses membrane request for API calls |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:43 npm install -g @membranehq/cli; SKILL.md:47-88 membrane CLI commands |
| 文件系统 | NONE | NONE | — | No file read/write operations in skill |
| 环境变量 | NONE | NONE | — | No environment variable access; credentials handled by Membrane CLI |
| 剪贴板 | NONE | NONE | — | No clipboard operations |
| 浏览器 | NONE | NONE | — | Browser used only for OAuth flow via membrane login, not programmatic browser co… |
| 数据库 | NONE | NONE | — | No database access |
| 技能调用 | NONE | NONE | — | No nested skill invocations |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.demandbase.com/ SKILL.md:19 目录结构
1 文件 · 4.7 KB · 142 行 Markdown 1f · 142L
└─
SKILL.md
Markdown
安全亮点
✓ Full documentation of all capabilities and operations in SKILL.md
✓ Network access clearly declared in compatibility section
✓ Shell execution (npm install) explicitly documented in setup
✓ Credentials handled by Membrane CLI - no local secret storage
✓ Best practices documented for secure API usage
✓ No base64, eval, or obfuscation patterns detected
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ No curl|bash or wget|sh patterns
✓ Legitimate URLs only (getmembrane.com, developers.demandbase.com)