by 安全扫描
OpenClaw
安全
high confidenceThe skill is internally consistent: it documents using the Membrane CLI to connect to Imperva, asks for a Membrane account and interactive login, and requests no unrelated credentials or system access.
评估建议
This skill looks coherent, but before installing: 1) Verify @membranehq/cli package provenance (check the linked GitHub repo and npm publisher) before running a global npm install; consider using a scoped or containerized install if you prefer isolation. 2) Understand that Membrane will broker auth to Imperva—you'll sign in via browser and Membrane will hold credentials server-side, so review Membrane's privacy/security docs if this is sensitive. 3) The skill does not request local secrets, but ...详细分析 ▾
✓ 用途与能力
The name/description (Imperva integration) matches the instructions: all actions are performed via the Membrane CLI and Membrane connections for an Imperva connector. No unrelated services, env vars, or binaries are requested.
✓ 指令范围
SKILL.md only instructs installing and using the Membrane CLI, performing login, creating a connection, and listing/running Membrane actions. It does not instruct reading unrelated files, exporting secrets, or contacting unexpected endpoints. It advises against asking users for API keys.
ℹ 安装机制
There is no formal install spec in the registry (skill is instruction-only), but the runtime instructions ask the operator to run `npm install -g @membranehq/cli@latest`. Installing a global npm package is a normal step for a CLI, but downloading code from a public registry has moderate risk; verify the package author, GitHub repo, and that you trust the Membrane project before installing globally.
✓ 凭证需求
The skill declares no required env vars, no config paths, and the runtime instructions rely on browser-based / Membrane-auth flows. The requested access (a Membrane account and network) is proportional to an integration that delegates auth to Membrane.
✓ 持久化与权限
Skill is not set to always:true, does not request permanent system-level presence, and contains no instructions to modify other skills or system-wide settings. Standard agent autonomous invocation defaults apply.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install imperva
镜像加速npx clawhub@latest install imperva --registry https://cn.longxiaskill.com镜像同步中