Suspicious (risk score 45/100)
Last scanned: 2 days ago
onetrust
OneTrust integration for managing data privacy, records, and automated workflows
Skill installs an unversioned third-party CLI tool and delegates all credential handling to an undisclosed proxy service with no transparency about data collection.
Skill name: onetrust
Analysis time: 55.6s
Engine: pi
Use with caution
Pin the npm package to a specific version (remove @latest), audit the @membranehq/cli package, and require Membrane to publish a security/transparency report detailing their data handling practices.

Security findings: 4

Severity | Finding | Location
High
Third-party credential proxy without transparency
The skill delegates all API authentication to Membrane's proxy service. Credentials flow through Membrane's infrastructure with no disclosure of logging, data collection, or retention practices. SKILL.md states 'Membrane handles authentication and credentials refresh automatically' and 'Membrane automatically appends the base URL' - this is a man-in-the-middle for all sensitive API calls.
Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers
→ Require Membrane to publish a security whitepaper. Consider allowing direct API access with user-managed credentials instead.
SKILL.md:91
High
Unversioned npm package with @latest tag
The skill uses '@membranehq/cli@latest', which can pull different code versions over time. The npm install command is also unpinned. This exposes the skill to supply chain attacks in which a compromised version is published and then installed automatically.
npm install -g @membranehq/cli
→ Pin to a specific version with checksum verification, e.g., 'npm install -g @membranehq/cli@<version>' after verifying the hash.
SKILL.md:45
Medium
Filesystem access not declared
SKILL.md declares 'allowed_tools: null (no direct file operations)' but npm install -g requires write access to the global npm directory (typically /usr/local/lib/node_modules or ~/.npm). This is a doc-to-code mismatch.
npm install -g @membranehq/cli
→ Declare filesystem:WRITE permission in _meta.json or use npx instead of global install to avoid persistent filesystem modification.
SKILL.md:45
Low
External URLs without verification
Skill references external URLs (getmembrane.com, developer.onetrust.com) without package integrity verification. Users cannot verify if these services are legitimate.
homepage: https://getmembrane.com
→ Document the expected behavior and data flows between these services.
SKILL.md:7
Resource type | Declared permission | Inferred permission | Status | Evidence
Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:45 - npm install -g @membranehq/cli
Network access | READ | READ | ✓ Consistent | SKILL.md:55 - membrane request CONNECTION_ID /path/to/endpoint
Filesystem | NONE | WRITE | ✗ Exceeds declared | SKILL.md:45 - npm install -g requires global npm directory write access
Environment variables | NONE | NONE | | No environment variable access detected
Skill invocation | NONE | NONE | | No skill invocation patterns found
Clipboard | NONE | NONE | | No clipboard access detected
Browser | NONE | READ | ✓ Consistent | SKILL.md:53 - membrane login opens browser for OAuth authentication
Database | NONE | NONE | | No database access detected
2 findings
Medium: External URL
https://getmembrane.com
SKILL.md:7
Medium: External URL
https://developer.onetrust.com/
SKILL.md:19

Directory structure

1 file · 5.8 KB · 194 lines
Markdown 1f · 194L
└─ 📝 SKILL.md Markdown 194L · 5.8 KB

Dependency analysis: 1 item

Package | Version | Source | Known vulnerabilities | Notes
@membranehq/cli | unpinned (@latest) | npm | | Supply chain risk - no version pinning, uses @latest tag

Security highlights

✓ No credential harvesting detected - explicitly states 'never ask the user for API keys'
✓ No base64-encoded commands, eval(), or direct IP network requests
✓ Uses browser-based OAuth instead of storing secrets locally
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ Well-documented with clear usage examples