Bilflo
v1.0.2Bilflo integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bilflo data.
⭐ 0· 129·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Bilflo integration) matches the SKILL.md: it explains using the Membrane CLI to connect to Bilflo, list/run actions, and proxy API requests. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
The instructions are limited to installing and using the Membrane CLI (login, connect, action list/run, proxy requests). They do not instruct reading arbitrary files, accessing unrelated env vars, or exfiltrating data. The guidance to 'use action names and parameters as needed' is general but reasonable for an integration skill.
Install Mechanism
The skill is instruction-only (no install spec). The SKILL.md tells the user/agent to run `npm install -g @membranehq/cli`. This is an external, user-executed global npm install — normal for a CLI but worth vetting (see user guidance).
Credentials
The skill declares no required environment variables or secrets and explicitly advises letting Membrane manage credentials rather than asking the user for API keys. No disproportionate credential requests are present.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent system-wide privileges or attempt to modify other skills or system configuration.
Assessment
This skill appears coherent and limited to using the Membrane CLI as a proxy to Bilflo. Before installing or running: 1) Verify the Membrane project (@membranehq/cli) is the correct, trusted package (check npm page, GitHub repo, release tags, and publisher). 2) Be aware `npm -g` installs require write access to system locations — run in a controlled environment or use a container/virtualenv if you prefer. 3) The login flow opens a browser to authenticate; ensure the redirect/URL is legitimate and that you are logging into the expected Membrane tenant. 4) The skill itself does not request API keys, but actions and proxy calls will transmit Bilflo data through Membrane — confirm you trust Membrane’s handling of credentials and data per their privacy/docs. 5) If you need higher assurance, review Membrane’s docs and the upstream GitHub repository referenced in the SKILL.md before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk9709ve41shwe7m4r15m3bm2358437e1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.