Boxhero
v1.0.2BoxHero integration. Manage data, records, and automate workflows. Use when the user wants to interact with BoxHero data.
⭐ 0· 123·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description say 'BoxHero integration' and the SKILL.md instructs using the Membrane CLI to connect to BoxHero, list actions, run actions, or proxy requests — these requirements are appropriate and expected for the stated purpose.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, performing browser-based login, creating connections, listing/running actions, and proxying API calls. The skill does not instruct reading unrelated local files, environment variables, or sending data to unexpected endpoints.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a reasonable way to get the CLI but requires trusting the publisher and executing third-party code on the machine.
Credentials
The skill requests no environment variables or credentials and explicitly recommends using Membrane connections rather than local API keys. Minor caution: the Membrane CLI will perform authentication (browser flow) and likely cache credentials/config locally — SKILL.md doesn't detail where these are stored.
Persistence & Privilege
The skill is instruction-only, not always-enabled, and does not request elevated platform privileges or modify other skills. Autonomous invocation is allowed by default but the skill itself doesn't request persistent system-wide privileges.
Assessment
This skill appears coherent: it simply instructs the user to install and use the Membrane CLI to connect to BoxHero. Before installing, verify you trust the @membranehq package and the getmembrane.com project (review their npm page and GitHub repo). Be aware the CLI uses a browser login flow and will store authentication state locally — avoid running it on shared or otherwise sensitive hosts unless you understand where credentials are persisted. If you prefer not to install globally, consider running the CLI in an isolated environment (container or dedicated VM) or reviewing the CLI source code on GitHub first.Like a lobster shell, security has layers — review code before you run it.
latestvk9711a3301d6528zkntbg9cd2h8431wh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.