扫描报告
5 /100
directa24
Directa24 payment platform integration for Latin America via Membrane CLI
Directa24 payment integration skill using Membrane CLI - all functionality declared, no hidden behavior, no credential theft or exfiltration detected.
可以安装
This skill is safe to use. No additional security controls required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | npm install -g @membranehq/cli, membrane commands |
| 网络访问 | READ | READ | ✓ 一致 | API interactions through Membrane proxy, browser auth |
| 文件系统 | NONE | NONE | — | No file operations declared or observed |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 技能调用 | NONE | NONE | — | No nested skill invocations |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | READ | READ | ✓ 一致 | Browser auth flow for Membrane login |
| 数据库 | NONE | NONE | — | No database operations |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.directa24.com/ SKILL.md:19 目录结构
1 文件 · 4.2 KB · 122 行 Markdown 1f · 122L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest | npm | 否 | Version pinned to 'latest' during install - consider specifying version for reproducibility |
安全亮点
✓ All functionality clearly documented in SKILL.md
✓ Credential management delegated to Membrane (no local secrets)
✓ No credential harvesting or exfiltration
✓ No base64, obfuscation, or anti-analysis techniques
✓ No sensitive file/path access (no ~/.ssh, ~/.aws, .env)
✓ No reverse shell, C2, or data theft indicators
✓ Standard npm CLI installation pattern
✓ Pre-built actions preferred over raw API calls (security best practice)