扫描报告
5 /100
osticket
OsTicket integration. Manage data, records, and automate workflows.
Documentation-only skill that provides OsTicket integration via the Membrane CLI tool with declared network access and no executable code.
可以安装
Skill is safe to use. Network access is necessary for OsTicket API integration and credentials are managed server-side by Membrane.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations documented or required |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md:40-76 - Proxy requests to OsTicket API via Membrane |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md:24-33 - npm install and membrane CLI commands documented |
| 环境变量 | NONE | NONE | — | No environment variable access documented |
| 技能调用 | NONE | NONE | — | No skill chaining documented |
| 剪贴板 | NONE | NONE | — | No clipboard access documented |
| 浏览器 | NONE | NONE | — | Browser used only for OAuth login flow (user-initiated) |
| 数据库 | NONE | NONE | — | No direct database access documented |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://docs.osticket.com/en/latest/ SKILL.md:19 目录结构
1 文件 · 4.3 KB · 124 行 Markdown 1f · 124L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest | npm | 否 | Version pinning recommended: @membranehq/[email protected] |
安全亮点
✓ Documentation-only skill with no executable code to analyze
✓ Network access is explicitly declared and necessary for OsTicket API
✓ Credentials managed server-side by Membrane with no local secret storage
✓ Uses official npm package @membranehq/cli with version pinning available
✓ OAuth-based authentication flow keeps credentials out of the skill
✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env)
✓ No obfuscation, base64 encoding, or suspicious patterns detected
✓ No credential harvesting or data exfiltration behavior
✓ External URLs point to legitimate services (membrane.com, osTicket.com)