Argyle
v1.0.0Argyle integration. Manage data, records, and automate workflows. Use when the user wants to interact with Argyle data.
⭐ 0· 50·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name and description (Argyle integration) align with the instructions (use Membrane CLI to connect to Argyle). However, the registry metadata lists no required binaries while SKILL.md instructs the user to install the @membranehq/cli (npm install -g) and uses npx in examples — that's a small mismatch between declared requirements and the runtime instructions.
Instruction Scope
SKILL.md stays within the stated purpose: it instructs how to install and use the Membrane CLI, how to create connections, list actions, run actions, and proxy requests to the Argyle API. It does not instruct reading unrelated files, asking for unrelated credentials, or exfiltrating data to unexpected endpoints. It explicitly advises not to ask users for API keys and to rely on Membrane for auth.
Install Mechanism
There is no formal install spec in the registry (skill is instruction-only). The runtime instructions direct installing @membranehq/cli via npm and also use npx @membranehq/cli@latest in examples. Installing from npm is expected here, but npx @latest executes whatever is published as latest at runtime (transiently fetching code), which increases risk compared to using a pinned version or an audited binary.
Credentials
The skill declares no required env vars or credentials and the instructions rely on Membrane to manage credentials server-side. That matches the stated goal (do not ask for Argyle API keys locally). No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not always-enabled and does not request any special persistent privileges or modify other skills' configuration. It is user-invocable and allows autonomous invocation (the platform default), which is expected for skills.
Assessment
This skill is an instruction-only integration that asks you to use the Membrane CLI to access Argyle data. Before installing or running commands: 1) verify the @membranehq/cli package and the Membrane project (homepage and GitHub link are provided) to ensure you trust the publisher; 2) prefer installing a pinned CLI version rather than running npx @latest to avoid pulling unexpected code at runtime; 3) be prepared to complete browser-based OAuth flows (or use the headless flow described); 4) do not provide Argyle API keys locally — Membrane is intended to manage auth server-side; and 5) if you need stronger isolation, run the CLI in a constrained environment (container or dedicated machine) and review the CLI's source code or release artifacts before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97140g4yeqnt0trnjc8y5hzz584e4jp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.