Callingly
v1.0.2Callingly integration. Manage data, records, and automate workflows. Use when the user wants to interact with Callingly data.
⭐ 0· 99·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill claims to integrate with Callingly via Membrane and all runtime instructions use the Membrane CLI and a Membrane account — this is coherent with the stated purpose. However, the registry metadata declares no required binaries while the SKILL.md explicitly instructs installing and running the `@membranehq/cli` (which requires npm and produces a `membrane` binary). The metadata omission is a mismatch that should be corrected.
Instruction Scope
SKILL.md confines actions to installing/using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to Callingly via Membrane. It does not instruct reading arbitrary local files or asking the user for unrelated credentials; it explicitly advises against asking users for API keys and relies on browser-based OAuth flows.
Install Mechanism
There is no formal install spec in the package registry (instruction-only), but the runtime instructions direct the user to run `npm install -g @membranehq/cli`. Installing a global npm package is a moderate-risk install mechanism (third-party package from npm, global install may require elevated privileges). This is expected for a CLI-based integration, but you should verify the npm package identity and trustworthiness before running it.
Credentials
The skill declares no required environment variables or credentials and the instructions rely on the Membrane login/browser OAuth flow that stores credentials managed by Membrane. That is proportionate to a connector integration; there are no unexplained secrets requested by the skill itself.
Persistence & Privilege
The skill does not request always-on presence (always:false) and has no install-time behavior recorded in the registry. It does require the user to install and authenticate the Membrane CLI, which will store connection state in Membrane's tooling — this is normal for a connector and not an elevated system privilege.
Assessment
This skill is an instruction-only integration that uses the Membrane CLI to talk to Callingly. Before installing or running it: 1) Confirm you trust the npm package @membranehq/cli (check the package page, maintainers, and GitHub repo) because the SKILL.md recommends installing it globally. 2) Be aware the CLI opens a browser login flow — Membrane will hold credentials and can proxy requests to Callingly, so Membrane will have access to your Callingly data. 3) If you cannot or do not want to install global npm packages or grant a third-party tool access to Callingly, do not install. 4) Consider running the CLI in a controlled environment (container or dedicated machine) and verify the registry metadata is updated to declare required binaries (npm, membrane) before trusting automated/agent runs.Like a lobster shell, security has layers — review code before you run it.
latestvk972xktqv2qqns1mwjjhzy5mph843vqd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.