Baremetrics
v1.0.2Baremetrics integration. Manage data, records, and automate workflows. Use when the user wants to interact with Baremetrics data.
⭐ 0· 124·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill advertises Baremetrics integration and the SKILL.md consistently instructs use of the Membrane CLI to connect to Baremetrics, list actions, run actions, and proxy API requests. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions remain within the stated purpose (connect to Baremetrics via Membrane and run actions). One area to note: the docs explicitly recommend using 'membrane request' as a proxy for arbitrary API paths — this is expected for a proxy feature but means the operator can craft arbitrary proxied HTTP requests, so be deliberate about which endpoints and payloads you allow.
Install Mechanism
This is an instruction-only skill (no install spec). The doc tells users to run 'npm install -g @membranehq/cli'. That is a reasonable, common install flow, but installing global npm packages carries the usual trust risk: verify the package and publisher before installing.
Credentials
The skill requires no environment variables or credentials declared in the registry metadata; it relies on interactive Membrane authentication (browser-based or headless code flow), which is consistent with the described behavior.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or attempt to modify other skills or system settings. Membrane handles and stores credentials as part of its normal client behavior — that is expected for this integration.
Assessment
This skill appears to do what it says: it uses the Membrane CLI as a proxy to operate on Baremetrics. Before installing or using it: 1) verify you trust the @membranehq/cli package (check the npm/org and GitHub repo referenced in the SKILL.md); 2) be aware the CLI will perform browser-based auth and store tokens locally as per Membrane's client behavior; 3) limit who or what can execute proxied requests, since 'membrane request' can send arbitrary HTTP requests through your authenticated connection; and 4) prefer running the CLI interactively on a controlled machine (or review the headless auth flow) rather than granting unattended automation unbounded access without review.Like a lobster shell, security has layers — review code before you run it.
latestvk979brnga0mbf3981qn8znz2bd8427nw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.