扫描报告
0 /100
zuplo
Zuplo integration for managing data, records, and workflow automation via Membrane CLI
A minimal, well-documented Zuplo integration skill that uses the Membrane CLI for API gateway management with no hidden functionality or suspicious behavior.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md: npm install -g @membranehq/cli |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md: membrane request commands for API calls |
| 文件系统 | NONE | NONE | — | No file operations detected |
| 环境变量 | NONE | NONE | — | No environment access detected |
| 技能调用 | NONE | NONE | — | No skill chaining detected |
| 剪贴板 | NONE | NONE | — | No clipboard access detected |
| 浏览器 | NONE | NONE | — | No browser automation detected |
| 数据库 | NONE | NONE | — | No database access detected |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://www.zuplo.com/docs SKILL.md:19 目录结构
1 文件 · 4.4 KB · 127 行 Markdown 1f · 127L
└─
SKILL.md
Markdown
安全亮点
✓ No implementation scripts - purely documentation-driven
✓ Credential handling explicitly delegated to Membrane CLI (security best practice)
✓ No hardcoded credentials or API keys in documentation
✓ Best practices documented: prefer pre-built actions over raw API calls
✓ No data exfiltration mechanisms present
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env access)
✓ No base64/encoded payloads or obfuscated code
✓ External URLs are legitimate services (getmembrane.com, zuplo.com)
✓ Follows principle of least privilege by using Membrane's managed auth