Scan Report
0 /100
danube
Connect your AI agent to 100+ services through a single API key — discover, search, and execute tools via MCP
This is a pure documentation skill describing MCP integration with Danube AI service. No code, scripts, or executable content present. All behavior is clearly declared in the documentation.
Safe to install
This skill is safe to use. No security concerns identified. The skill provides legitimate MCP server configuration instructions for connecting to an external AI service catalog.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in skill.md |
| Network | NONE | NONE | — | No code executes network requests; only documents MCP endpoint |
| Shell | NONE | NONE | — | No shell commands in skill.md |
| Environment | READ | NONE | ✓ Aligned | DANUBE_API_KEY env var only mentioned for reference |
| Skill Invoke | NONE | NONE | — | No skill invocation code |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database operations |
8 findings
Medium External URL 外部 URL
https://danubeai.com skill.md:12 Medium External URL 外部 URL
https://danubeai.com/dashboard skill.md:24 Medium External URL 外部 URL
https://api.danubeai.com/v1/auth/device/code skill.md:29 Medium External URL 外部 URL
https://api.danubeai.com/v1/auth/device/token skill.md:41 Medium External URL 外部 URL
https://mcp.danubeai.com/mcp skill.md:58 Medium External URL 外部 URL
https://docs.danubeai.com skill.md:145 Medium External URL 外部 URL
https://danubeai.com/privacy skill.md:147 Medium External URL 外部 URL
https://danubeai.com/terms skill.md:148 File Tree
1 files · 5.7 KB · 148 lines Markdown 1f · 148L
└─
skill.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code
✓ All functionality clearly declared and documented
✓ No hidden or obfuscated behavior
✓ No credential harvesting beyond legitimate API key
✓ Clear security model documented (user-scoped access, row-level security)
✓ OAuth 2.0 Device Authorization flow requires explicit user consent
✓ No base64, obfuscation, or anti-analysis patterns
✓ No suspicious network indicators (IP addresses, C2 domains)
✓ No file system or sensitive path access
✓ Standard MCP protocol integration with known service