Low risk: risk score 10/100
Last scanned: 2 days ago
marin-software
Marin Software integration for managing digital advertising campaigns
A legitimate Marin Software integration skill that uses the Membrane CLI; all functionality is declared and no malicious behavior detected.
Skill name: marin-software
Analysis time: 24.7s
Engine: pi
OK to install
Approve for use. The skill is well-documented with no hidden functionality.

Security findings: 2

Severity: Info
Finding: External URL references
SKILL.md contains links to getmembrane.com and developers.marinsoftware.com for documentation purposes.
https://getmembrane.com
→ No action needed - external docs are legitimate
Location: SKILL.md:7

Severity: Info
Finding: Global npm package installation
The skill instructs to install @membranehq/cli globally via npm. This is a standard approach for CLI tools and is fully declared.
npm install -g @membranehq/cli
→ No action needed - declared and necessary for the skill
Location: SKILL.md:27
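
| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | NONE | NONE | | No file operations in skill |
| Network access | READ | READ | ✓ Consistent | SKILL.md lines 7,19 - External URLs for docs |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md lines 27-28 - npm install -g @membranehq/cli |
| Environment variables | NONE | NONE | | No environment variable access detected |
| Skill invocation | NONE | READ | ✓ Consistent | Uses membrane CLI commands as documented |
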
2 findings
Medium severity: External URL
https://getmembrane.com
SKILL.md:7
Medium severity: External URL
https://developers.marinsoftware.com/
SKILL.md:19

Directory structure

1 file · 4.4 KB · 127 lines
Markdown 1f · 127L
└─ 📝 SKILL.md Markdown 127L · 4.4 KB

Security highlights

✓ All shell commands are explicitly declared in SKILL.md
✓ No hidden functionality or undocumented behavior
✓ No credential harvesting - uses Membrane's connection-based auth
✓ No data exfiltration detected
✓ No base64, eval, or obfuscated code
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Single-file skill with transparent documentation
✓ Uses best practices: prefers pre-built Membrane actions over raw API calls