扫描报告
5 /100
workfront
Workfront integration. Manage data, records, and automate workflows. Use when the user wants to interact with Workfront data.
Pure documentation-only skill that guides users through legitimate CLI commands for Workfront integration via the Membrane SDK. No executable code present; all operations are visible shell commands the user can inspect.
可以安装
No action required. The skill is safe to use. The declared shell:WRITE permission is appropriate for npm install and CLI command execution.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Excessive repetitive content 文档欺骗 | SKILL.md:80 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md documents npm install -g @membranehq/cli and membrane CLI commands |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md references https://experienceleague.adobe.com/docs/workfront.html for d… |
| 文件系统 | NONE | NONE | — | No file operations documented or required |
| 环境变量 | NONE | NONE | — | No environment variable access documented |
| 凭证访问 | NONE | NONE | — | SKILL.md explicitly says 'never ask for API keys' and delegates auth to Membrane… |
2 项发现
中危 外部 URL 外部 URL
https://getmembrane.com SKILL.md:7 中危 外部 URL 外部 URL
https://experienceleague.adobe.com/docs/workfront.html SKILL.md:19 目录结构
1 文件 · 46.2 KB · 469 行 Markdown 1f · 469L
└─
SKILL.md
Markdown
安全亮点
✓ No executable code present — purely a documentation file
✓ No obfuscation, base64, or hidden commands
✓ No credential harvesting — explicitly delegates auth to the Membrane SDK
✓ All shell commands are explicitly documented and user-visible
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No network exfiltration or C2 communication patterns
✓ Uses a legitimate, publicly known SDK (@membranehq/cli)
✓ No supply chain risk — no dependencies or scripts included