扫描报告
0 /100
piggy
Piggy integration for personal finance management via Membrane CLI
The Piggy skill is a pure Markdown integration guide with no scripts, dependencies, or code — it documents only the legitimate Membrane CLI for Piggy personal finance API interactions.
可以安装
This skill is safe to use. No further action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | |
| 网络访问 | READ | READ | ✓ 一致 | membrane request and action list commands communicate with Membrane API |
| 命令执行 | NONE | NONE | — | Only documented CLI commands (npm, membrane); no arbitrary command execution |
| 环境变量 | NONE | NONE | — | |
| 技能调用 | NONE | NONE | — | |
| 剪贴板 | NONE | NONE | — | |
| 浏览器 | NONE | NONE | — | |
| 数据库 | NONE | NONE | — |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://piggy.co/docs/ SKILL.md:19 目录结构
1 文件 · 4.2 KB · 124 行 Markdown 1f · 124L
└─
SKILL.md
Markdown
安全亮点
✓ No scripts or binary files present — skill is a pure Markdown documentation file
✓ No credential theft: skill explicitly instructs to use Membrane connections instead of API keys
✓ No arbitrary shell execution: all commands are documented, well-defined CLI calls
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env, etc.)
✓ No obfuscation, base64, or anti-analysis patterns
✓ No supply chain risks since no dependency files exist
✓ Membrane handles authentication server-side with no local secrets
✓ No prompt injection vectors detected
✓ External URLs (getmembrane.com, piggy.co/docs) are standard documentation links with no suspicious behavior