Breeze
v1.0.2Breeze integration. Manage data, records, and automate workflows. Use when the user wants to interact with Breeze data.
⭐ 0· 116·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description say 'Breeze integration' and the runtime instructions consistently use the Membrane CLI to discover connectors, create connections, run actions, and proxy requests to Breeze. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly focused on using the Membrane CLI (install, login, list actions, run actions, proxy requests). One notable point: the documented 'Get Current User' action can return an API key and team memberships — this is expected for some APIs but is sensitive information and the skill does reference it explicitly. The instructions do not tell the agent to read local files or unrelated environment variables.
Install Mechanism
There is no formal install spec in the registry (skill is instruction-only), but SKILL.md instructs the user to run 'npm install -g @membranehq/cli'. Installing a global npm CLI is a common, moderate-risk action; users should ensure the package name and source are legitimate before installing globally.
Credentials
The skill declares no required environment variables or credentials and instructs the user to create a Membrane connection rather than sharing raw API keys. The absence of requested env vars is proportional to the described usage.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and has no install-time code writing to disk (instruction-only). It does not ask to modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: it uses Membrane to talk to Breeze. Before installing/using it: (1) Verify the Membrane CLI package (@membranehq/cli) and homepage are legitimate; avoid installing global npm packages you don't trust. (2) Be cautious with actions that return API keys or other secrets (the 'get-current-user' action may expose an API key); never paste secrets into chat. (3) When running proxy requests or custom actions, review the request path and payload to avoid leaking sensitive data. (4) In headless environments you may need to copy/paste auth codes—treat those codes as sensitive. If you need higher assurance, ask the skill author for the exact connector ID and a minimal set of sample commands before granting access.Like a lobster shell, security has layers — review code before you run it.
latestvk974p2sh9hv7ex5679yqbv1be984222w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.