扫描报告
0 /100
toolset
Toolset integration for WordPress website management via Membrane CLI
This skill is a pure documentation file describing legitimate WordPress Toolset integration via the Membrane CLI with no hidden functionality, credential harvesting, or suspicious network patterns.
可以安装
This skill is safe to use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | Metadata declares 'Requires network access'; all API calls go through membrane C… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md lines 22-23: documents npm install -g @membranehq/cli |
| 文件系统 | NONE | NONE | — | No file operations in the skill |
| 环境变量 | NONE | NONE | — | No environment variable access; credentials managed by Membrane server-side |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard operations |
| 浏览器 | NONE | NONE | — | No direct browser control; uses Membrane's OAuth flow |
| 数据库 | NONE | NONE | — | No direct database access; interacts via Toolset API |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://toolset.com/documentation/ SKILL.md:19 目录结构
1 文件 · 4.2 KB · 122 行 Markdown 1f · 122L
└─
SKILL.md
Markdown
安全亮点
✓ All shell commands explicitly documented in SKILL.md
✓ Credential management delegated to Membrane's secure server-side system
✓ No credential harvesting or exfiltration patterns detected
✓ No base64, eval, or obfuscated code found
✓ No suspicious network connections to external IPs
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ Uses legitimate, documented CLI tool (membranehq/cli)
✓ Skill purpose and capabilities fully aligned with documentation