Brass
v1.0.0Brass integration. Manage data, records, and automate workflows. Use when the user wants to interact with Brass data.
⭐ 0· 28·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Brass integration) match the instructions: all actions are performed via the Membrane CLI and/or the Brass API proxy. Nothing in the SKILL.md asks for unrelated cloud credentials or access to systems outside of interacting with Brass via Membrane.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, logging in via browser (or headless flow), creating connections, listing and running actions, and proxying requests to Brass. The instructions do not direct the agent to read arbitrary local files, environment variables, or send data to unexpected endpoints.
Install Mechanism
There is no install spec in the registry (instruction-only), but the SKILL.md recommends installing @membranehq/cli via npm (global install) or using npx. npm global installs are a common, expected mechanism here but do require OS-level permissions and trust in the package publisher; users may prefer npx or installing in a sandboxed environment. No suspicious download URLs or extract steps are present.
Credentials
The skill declares no required env vars or credentials and instructs the user to authenticate via Membrane's browser-based login. That is proportionate: Membrane is presented as handling auth server-side, so the skill does not ask for extraneous secrets.
Persistence & Privilege
The skill does not request always:true or any elevated persistence. It is user-invocable and does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill is an instruction-only wrapper around the Membrane CLI for working with Brass and appears coherent. Before using it: (1) verify the @membranehq/cli package on npm and prefer npx or a sandboxed/container install instead of a global npm install if you have concerns about permissions; (2) confirm you trust getmembrane.com and the Membrane GitHub repo; (3) review the OAuth/ browser login prompts when authenticating and avoid pasting any unrelated secrets into CLI prompts; (4) if you need higher assurance, inspect the Membrane CLI source on GitHub before installing. If you cannot trust the Membrane publisher, do not install or run the suggested commands.Like a lobster shell, security has layers — review code before you run it.
latestvk9725jfe8aajnfqj12ecsfmysx847869
License
MIT-0
Free to use, modify, and redistribute. No attribution required.