扫描报告
0 /100
medusa-commerce
Medusa Commerce integration — manage data, records, and automate workflows via the Membrane CLI.
A clean, single-file Medusa Commerce integration skill that wraps the legitimate Membrane CLI with no hidden functionality, no credential theft, and no data exfiltration.
可以安装
This skill is safe to use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md: membrane request proxies API calls through Membrane |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: npm install -g @membranehq/cli, membrane action run, membrane connect |
| 文件系统 | NONE | NONE | — | SKILL.md: No filesystem operations declared or performed |
| 环境变量 | NONE | NONE | — | SKILL.md: No environment variable access; credentials handled by Membrane server… |
| 技能调用 | NONE | NONE | — | No nested skill invocation declared or observed |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | SKILL.md: membrane login opens browser for OAuth flow only; no browser API acces… |
| 数据库 | NONE | NONE | — | No direct database access |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://docs.medusajs.com/ SKILL.md:19 目录结构
1 文件 · 4.6 KB · 141 行 Markdown 1f · 141L
└─
SKILL.md
Markdown
安全亮点
✓ Single-file skill with no executable scripts — all behavior is documented in SKILL.md
✓ No credential theft: credentials are managed server-side by Membrane with no local secrets
✓ No data exfiltration: outbound API calls go through Membrane's authenticated proxy
✓ No obfuscation: no base64, no eval, no encoded strings
✓ No hidden functionality: the skill is a thin wrapper around the @membranehq/cli CLI
✓ No sensitive file access: no .ssh, .aws, .env, or similar paths referenced
✓ No supply chain risk: no dependencies declared (CLI is installed from npm registry)
✓ Best practices documented: recommends using pre-built actions over raw API calls