扫描报告
5 /100
mip-fund-accounting
MIP Fund Accounting integration. Manage data, records, and automate workflows.
This is a legitimate MIP Fund Accounting integration skill that uses the documented Membrane CLI for API interactions. No malicious behavior detected.
可以安装
This skill is safe to use. No security concerns identified. Standard caution applies when installing any third-party npm packages globally.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:29 - 'Requires network access' |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:35-83 - All shell commands (npm install, membrane CLI) are documented |
| 文件系统 | NONE | NONE | — | No filesystem operations in skill - only CLI tool usage |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://www.mip.com/resource-center/ SKILL.md:19 目录结构
1 文件 · 5.0 KB · 149 行 Markdown 1f · 149L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest | npm | 否 | No version pinning; uses @latest tag |
安全亮点
✓ All shell operations are clearly documented with specific commands
✓ Credential handling is delegated to Membrane CLI with no local secret storage
✓ No hidden functionality or undocumented behavior observed
✓ Skill explicitly warns against asking users for API keys
✓ Uses pre-built actions as recommended approach over raw API calls
✓ No credential harvesting, data exfiltration, or obfuscation detected
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) observed