Scan report
15/100
snowflake
Snowflake integration for data warehousing and workflow automation
Legitimate Snowflake integration skill using the Membrane CLI with all capabilities properly documented; minor issue with unpinned npm package installation.
OK to install
Skill is safe for use. Consider pinning the CLI version in install command for reproducibility (e.g., @membranehq/[email protected]).
Security findings: 1
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned npm package version (supply chain) | SKILL.md:27 |

| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations detected |
| Network access | READ | READ | ✓ Consistent | SKILL.md declares network access for Snowflake API via Membrane proxy |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md declares npm install and membrane CLI usage (lines 27, 31, 42, etc.) |
| Environment variables | NONE | NONE | — | No environment variable access detected |
| Skill invocation | NONE | NONE | — | No skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | No browser automation detected |
| Database | NONE | READ | ✓ Consistent | Snowflake database access is the core purpose and is declared in SKILL.md |
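
2 findings

| Severity | Finding | Location |
|---|---|---|
| Medium | External URL: https://getmembrane.com | SKILL.md:7 |
| Medium | External URL: https://docs.snowflake.com/en/ | SKILL.md:19 |

Directory structure
1 file · 4.3 KB · 126 lines
Markdown: 1 file · 126 lines
└─ SKILL.md (Markdown)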
Dependency analysis: 1 item
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| @membranehq/cli | latest | npm | No | Version not pinned |

Security highlights
✓ All shell commands (npm, membrane CLI) are explicitly documented in SKILL.md
✓ No credential handling - Membrane manages auth server-side with no local secrets
✓ No suspicious patterns detected (base64, eval, curl|bash, etc.)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ Only one file exists (SKILL.md) with no hidden scripts or executables
✓ Uses legitimate, documented CLI toolchain
✓ No data exfiltration or C2 communication patterns