扫描报告
5 /100
apache-superset
Apache Superset integration using Membrane CLI for data management and automation
This is a legitimate Apache Superset integration skill that documents how to use the Membrane CLI for API interactions. No malicious behavior, credential harvesting, or undeclared functionality detected.
可以安装
This skill is safe to use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access required or used |
| 网络访问 | READ | READ | ✓ 一致 | Network access through Membrane proxy for Superset API calls - documented and ne… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | CLI installation (npm install) and membrane commands - documented and necessary |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No skill-to-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | Browser used for OAuth flow - managed by membrane CLI |
| 数据库 | NONE | NONE | — | Database access only through Superset API via Membrane proxy |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://superset.apache.org/docs/ SKILL.md:19 目录结构
1 文件 · 4.4 KB · 123 行 Markdown 1f · 123L
└─
SKILL.md
Markdown
安全亮点
✓ No script files - purely documentation of CLI commands
✓ Credential management is handled server-side by Membrane (no local secrets)
✓ Uses official npm registry for CLI installation (@membranehq/cli)
✓ Explicitly instructs to never ask users for API keys
✓ No base64 encoding, eval(), or obfuscation detected
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env)
✓ No data exfiltration or C2 communication patterns
✓ Legitimate third-party integration (Apache Superset)