扫描报告
5 /100
wishpond
Wishpond marketing platform integration via Membrane CLI
A straightforward Wishpond API integration skill using the Membrane CLI framework with no hidden functionality, credential handling, or suspicious patterns.
可以安装
This skill is safe to use. No additional security controls needed.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in SKILL.md |
| 网络访问 | READ | READ | ✓ 一致 | Uses Membrane proxy for Wishpond API calls |
| 命令执行 | WRITE | WRITE | ✓ 一致 | Executes membrane CLI commands (login, connect, action run) |
| 环境变量 | NONE | NONE | — | Delegates auth to Membrane; no direct env access |
| 技能调用 | NONE | NONE | — | No nested skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | READ | READ | ✓ 一致 | Uses browser for OAuth authentication flow |
| 数据库 | NONE | NONE | — | No database access |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://developers.wishpond.com/ SKILL.md:19 目录结构
1 文件 · 4.6 KB · 132 行 Markdown 1f · 132L
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
@membranehq/cli | latest | npm | 否 | Official Membrane CLI, installed via npm install -g |
安全亮点
✓ Credential management delegated entirely to Membrane infrastructure
✓ No hardcoded secrets or API keys in documentation
✓ No shell command injection vectors detected
✓ No file system access required or declared
✓ All functionality declared and documented in SKILL.md
✓ Uses pre-built actions when possible, reducing attack surface
✓ No base64, eval, or dynamic code execution patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)