Scan Report
5 /100
suitedash
SuiteDash integration via Membrane CLI. Manage Organizations, CRM, invoicing, and business operations.
纯文档型SKILL,仅包装Membrane CLI调用SuiteDash API,无代码执行,所有操作均在SKILL.md中声明。
Safe to install
可安全使用,npm install -g是唯一外部依赖,需确认@membranehq/cli来源可信。
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | 无文件操作,仅CLI调用 |
| Network | READ | READ | ✓ Aligned | SKILL.md:44-69 通过membrane request代理请求 |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:25 npm install -g @membranehq/cli; SKILL.md:30-39 membrane login/connec… |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://suitedash.com/university/ SKILL.md:19 File Tree
1 files · 5.0 KB · 169 lines Markdown 1f · 169L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | * | npm (install -g) | No | 无版本锁定,存在供应链依赖风险 |
Security Positives
✓ 纯文档型skill,无实际脚本代码,零阴影功能
✓ 所有shell操作均在SKILL.md中明确声明
✓ 凭证管理完全由Membrane服务端处理,不在本地存储密钥
✓ 使用pre-built actions优于裸API调用的安全建议已写入文档
✓ 无混淆/编码/eval等可疑技术