Scan Report
5 /100
jaegertracing
JaegerTracing integration for monitoring and troubleshooting microservices-based applications
Documentation-only skill that provides instructions for using the Membrane CLI to interact with JaegerTracing; no executable code or malicious behavior detected.
Safe to install
This skill is safe to use. Consider pinning the npm package version (e.g., @membranehq/[email protected] instead of @latest) for reproducible deployments.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned npm package version Supply Chain | SKILL.md:24 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access described or required |
| Network | READ | READ | ✓ Aligned | SKILL.md: Uses Membrane CLI to proxy requests to JaegerTracing API |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: Runs npm install and membrane CLI commands |
| Environment | NONE | NONE | — | No environment variable access described |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.jaegertracing.io/docs/ SKILL.md:19 File Tree
1 files · 4.5 KB · 123 lines Markdown 1f · 123L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Version not pinned - uses @latest tag |
Security Positives
✓ Skill is purely documentation-based with no executable code
✓ No credential harvesting - Membrane handles authentication server-side
✓ No filesystem write access required or declared
✓ No obfuscation or suspicious patterns detected
✓ No hidden functionality or doc-to-code mismatch
✓ Official JaegerTracing documentation URLs are legitimate
✓ Membrane CLI approach is a reasonable security pattern (credentials managed server-side)