扫描报告
5 /100
respondio
Respond.io integration for managing Organizations, Contacts, Conversations, and other entities
Pure documentation skill (SKILL.md only) providing Respond.io integration via the Membrane CLI with all capabilities properly declared.
可以安装
Skill is safe to use. No executable code present. All shell and network operations are clearly documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | npm install -g @membranehq/cli (SKILL.md:31) |
| 网络访问 | READ | READ | ✓ 一致 | Membrane API and Respond.io API calls (SKILL.md:47-69) |
| 文件系统 | NONE | NONE | — | No file operations described |
| 环境变量 | NONE | NONE | — | Credentials handled server-side by Membrane |
| 剪贴板 | NONE | NONE | — | Not accessed |
| 浏览器 | NONE | NONE | — | Authentication via browser redirect, not programmatic access |
| 数据库 | NONE | NONE | — | Not accessed |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.respond.io/api/v2 SKILL.md:19 目录结构
1 文件 · 4.4 KB · 128 行 Markdown 1f · 128L
└─
SKILL.md
Markdown
安全亮点
✓ No executable code present - pure documentation skill
✓ All shell commands (npm install, membrane CLI) are explicitly documented
✓ Network access is declared and justified (Membrane and Respond.io APIs)
✓ Credential handling properly delegated to Membrane (no local secret storage)
✓ Best practices documented (prefer pre-built actions over raw API calls)
✓ No obfuscation, base64, or suspicious patterns detected
✓ No sensitive file access (.ssh, .env, etc.)
✓ No data exfiltration or C2 communication patterns