Scan report
0/100
hellosign
HelloSign integration. Manage Templates, Teams, Accounts. Use when the user wants to interact with HelloSign data.
This is a documentation-only skill providing instructions for using the HelloSign API through the Membrane CLI platform. No malicious code or suspicious behavior detected.
OK to install
This skill is safe to use. It provides legitimate documentation for HelloSign integration using the Membrane platform.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | — | No file operations referenced in documentation |
| Network access | READ | READ | ✓ Consistent | SKILL.md declares HelloSign API integration |
| Command execution | NONE | NONE | — | Only documents CLI commands; no inline shell execution in skill |
| Environment variables | NONE | NONE | — | SKILL.md explicitly states 'never ask for API keys' |
| Skill invocation | NONE | NONE | — | No sub-skill invocations documented |
| Clipboard | NONE | NONE | — | Not referenced |
| Browser | NONE | NONE | — | Browser used only for OAuth flow, not automated |
| Database | NONE | NONE | — | No database operations |
2 findings
Medium severity: External URL, https://getmembrane.com (SKILL.md:7)
Medium severity: External URL, https://developers.hellosign.com/api/reference/ (SKILL.md:19)
Directory structure
1 file · 5.5 KB · 140 lines
Markdown 1f · 140L
└─ SKILL.md (Markdown)
Security highlights
✓ No executable code present - documentation-only skill
✓ Explicitly states 'never ask for API keys' - follows credential security best practices
✓ Uses Membrane platform which handles auth lifecycle server-side
✓ No base64 encoding or obfuscation detected
✓ No credential harvesting or environment variable iteration
✓ No curl|bash or remote script execution patterns
✓ External URLs are legitimate services (getmembrane.com, hellosign.com)
✓ Explicitly recommends using pre-built actions over raw API calls