gitpod 安全扫描报告 — 可信 | ClawSafe

5 /100

gitpod

Gitpod integration for managing data, records, and workflow automation

A legitimate Gitpod integration skill using the official Membrane CLI for workflow automation with no security concerns.

技能名称gitpod

分析耗时20.1s

引擎pi

✓

可以安装

This skill is safe to use. No security issues detected.

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md uses membrane CLI to interact with Gitpod API
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md requires npm install and membrane CLI commands

2 项发现

🔗

中危外部 URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

中危外部 URL 外部 URL

https://www.gitpod.io/docs/

SKILL.md:19

目录结构

1 文件 · 4.3 KB · 125 行

Markdown 1f · 125L

└─ 📝 SKILL.md Markdown 125L · 4.3 KB

包名	版本	来源	已知漏洞	备注
`@membranehq/cli`	`latest`	npm	否	Published npm package, latest version used intentionally for CLI tool

✓ Single-file skill with transparent documentation

✓ Uses official Membrane CLI (@membranehq/cli) from npm registry

✓ No custom scripts or obfuscated code

✓ No credential harvesting or sensitive data access

✓ No network exfiltration or C2 communication

✓ Clear documentation of all capabilities and actions

✓ Membrane handles authentication server-side with no local secrets

✓ Standard CLI installation pattern for legitimate tool integration