codeq-natural-language-processing-api 安全扫描报告 — 可信 | ClawSafe

5 /100

codeq-natural-language-processing-api

Codeq Natural Language Processing API integration for sentiment analysis, text summarization, and entity recognition

Legitimate Codeq NLP API integration skill using Membrane CLI with clearly declared network access and shell execution for package installation.

技能名称codeq-natural-language-processing-api

分析耗时22.6s

引擎pi

✓

可以安装

No action needed. This is a straightforward API integration skill with all capabilities properly documented.

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md line 29: npm install -g @membranehq/cli
网络访问	`READ`	`READ`	✓ 一致	SKILL.md: interacts with Codeq NLP API through Membrane proxy
文件系统	`NONE`	`NONE`	—	No file operations declared or observed
环境变量	`NONE`	`NONE`	—	No env access observed
剪贴板	`NONE`	`NONE`	—	No clipboard access observed
数据库	`NONE`	`NONE`	—	No database access declared or observed

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://codeq.ai/docs/

SKILL.md:19

目录结构

1 文件 · 4.9 KB · 132 行

Markdown 1f · 132L

└─ 📝 SKILL.md Markdown 132L · 4.9 KB

包名	版本	来源	已知漏洞	备注
`@membranehq/cli`	`latest`	npm	否	Version not pinned; this is standard for CLI tools and matches documented behavior

✓ All shell commands documented in SKILL.md (npm install, membrane CLI)

✓ Network access explicitly declared for API interaction

✓ Credentials handled server-side by Membrane with no local secrets

✓ Standard browser-based OAuth authentication flow

✓ No sensitive path access (~/.ssh, ~/.aws, .env)

✓ No base64/eval/suspicious encoding patterns

✓ No data exfiltration or credential harvesting

✓ Open source repository referenced (github.com/membranedev/application-skills)