扫描报告
5 /100
resci-retention-science
Retention Science integration for e-commerce customer retention and churn reduction
Documentation-only skill with no executable code; describes legitimate use of the Membrane CLI for interacting with Retention Science API.
可以安装
No action needed. This skill is safe to use as it only contains documentation for using a legitimate third-party CLI tool.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md documents API requests through Membrane proxy |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md line 25: npm install -g @membranehq/cli |
| 文件系统 | NONE | NONE | — | No file operations described |
| 环境变量 | NONE | NONE | — | No environment variable access |
| 凭证窃取 | NONE | NONE | — | SKILL.md line 63: explicitly states 'never ask the user for API keys' |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://support.retentionscience.com/ SKILL.md:19 目录结构
1 文件 · 4.3 KB · 122 行 Markdown 1f · 122L
└─
SKILL.md
Markdown
安全亮点
✓ Skill contains only documentation, no executable code
✓ All shell commands are explicitly documented (npm install, membrane CLI)
✓ Credentials handled server-side by Membrane with no local secrets
✓ No obfuscation or base64-encoded content
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or data exfiltration
✓ External URLs point to legitimate service providers (Membrane, Retention Science)
✓ Clear documentation of required permissions and behaviors