Assetsonar
v1.0.0AssetSonar integration. Manage data, records, and automate workflows. Use when the user wants to interact with AssetSonar data.
⭐ 0· 30·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (AssetSonar integration) match the SKILL.md: it instructs using the Membrane CLI to connect to AssetSonar, discover actions, run actions, or proxy raw API requests. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
Instructions stay within the stated purpose (install Membrane CLI, run membrane login, connect to AssetSonar, run actions or proxy requests). Important privacy/security note: the skill explicitly routes AssetSonar API calls through Membrane's proxy, so any data you send will be transmitted to Membrane's service (and visible to them per their policies). The SKILL.md also suggests global npm installation and browser-based login, which require user action.
Install Mechanism
The registry has no install spec (instruction-only), but SKILL.md instructs installing @membranehq/cli via npm (npm install -g). This is a standard public-registry install (moderate risk compared to no install); there are no opaque download URLs or archive extracts.
Credentials
The skill declares no required env vars or credentials. It relies on Membrane to manage authentication server-side and explicitly advises not to collect API keys locally, which is proportionate to the stated approach.
Persistence & Privilege
No always:true, no special OS or system config paths, and no modifications to other skills are indicated. The skill is user-invocable and may be called autonomously (platform default), which is expected.
Assessment
This skill is coherent: it uses the Membrane CLI to talk to AssetSonar. Before installing or using it, confirm you trust Membrane (https://getmembrane.com) because API calls and payloads will go through their service and they will handle your credentials. Review the @membranehq/cli npm package (publisher, version history, and package contents) before running npm install -g. If your organization requires direct control of AssetSonar credentials or no third-party proxies, consider implementing a direct AssetSonar integration instead. In headless/server environments note the login flow requires user interaction or the headless 'login complete <code>' flow described in the SKILL.md.Like a lobster shell, security has layers — review code before you run it.
latestvk97cmchyafg4bscy02g1k6n0qx848rxv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.