中文 EN

扫描报告

扫描新文件

可信 — 风险评分 5/100
上次扫描:2 天前 重新扫描
5 /100
densify
Densify integration. Manage data, records, and automate workflows using the Membrane CLI.
This is a pure-documentation skill that describes how to use the Membrane CLI to interact with the Densify cloud optimization platform. No executable code is present — only SKILL.md — and all behaviors are explicitly declared.
技能名称densify
分析耗时25.1s
引擎pi
可以安装
Approve for use. The skill is safe with no security concerns.
资源类型声明权限推断权限状态证据
文件系统 NONE NONE No filesystem operations described or present
网络访问 READ READ ✓ 一致 SKILL.md:7 — 'Requires network access'; all network calls go through Membrane CL…
命令执行 WRITE WRITE ✓ 一致 SKILL.md:31 — npm install -g @membranehq/cli; SKILL.md:37-70 — membrane CLI invo…
环境变量 NONE NONE No environment variable access described; skill explicitly says 'never ask the u…
技能调用 NONE NONE No nested skill invocations described
剪贴板 NONE NONE No clipboard access
浏览器 NONE NONE membrane login opens a browser window for auth (declared in SKILL.md:40-42), but…
数据库 NONE NONE No database access
2 项发现
🔗
中危 外部 URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
中危 外部 URL 外部 URL
https://www.densify.com/products/
SKILL.md:19

目录结构

1 文件 · 4.3 KB · 124 行
Markdown 1f · 124L
└─ 📝 SKILL.md Markdown 124L · 4.3 KB

依赖分析 1 项

包名版本来源已知漏洞备注
@membranehq/cli latest npm Version not pinned; however, this is standard practice for SKILL.md documentation

安全亮点

✓ Pure documentation skill — no executable code present, eliminating execution risk
✓ All behaviors explicitly declared in SKILL.md with no doc-to-code mismatch
✓ Network access is declared in the compatibility field
✓ Credentials are handled by Membrane's server-side auth lifecycle; no local secret storage
✓ No base64, eval, or obfuscated payloads anywhere
✓ No credential harvesting or exfiltration patterns
✓ No suspicious path access (~/.ssh, ~/.aws, .env)
✓ npm install uses a public package (@membranehq/cli) with no custom scripts