Carapi

v1.0.0

CarAPI integration. Manage data, records, and automate workflows. Use when the user wants to interact with CarAPI data.

⭐ 0· 59·0 current·0 all-time

byVlad Ursul@gora050

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (CarAPI integration) matches the SKILL.md: it instructs the agent to use the Membrane CLI to discover connectors, create a connection, run actions, or proxy requests to CarAPI. The requested capabilities are proportional to the stated purpose.

✓

Instruction Scope

The SKILL.md stays on-topic: it tells the user/agent to install and use the Membrane CLI, create connections, list actions, run actions, and proxy requests. It does not instruct reading unrelated files, exporting unexpected data, or accessing unrelated environment variables. It requires network access and a Membrane account (declared in the doc).

ℹ

Install Mechanism

This is an instruction-only skill with no install spec, but the doc tells users to install @membranehq/cli via npm (npm install -g @membranehq/cli). Installing a public npm CLI is a normal step for this workflow, but it does introduce the usual supply-chain considerations for npm packages (verify publisher, package integrity, and review maintainers).

✓

Credentials

The skill requests no environment variables or local credentials. Authentication is delegated to Membrane and the user’s browser login flow; this is appropriate for the described proxy/connector model. The primary trust decision is allowing Membrane to hold and use CarAPI credentials on the user's behalf.

✓

Persistence & Privilege

The skill does not request always:true or any elevated/persistent platform presence. It does not instruct changing other skills or global agent settings. Normal autonomous invocation is allowed by platform default and is not a concern here.

Assessment

This skill appears coherent: it asks you to use the Membrane CLI to create a connection to CarAPI and then run proxyed actions. Before installing/using it: (1) verify the npm package @membranehq/cli is the legitimate Membrane package (check the publisher and GitHub repo), (2) review Membrane's privacy/security docs because Membrane will hold/exchange API credentials on your behalf, (3) avoid entering unrelated secrets or local credentials, and (4) perform npm installs in a trusted environment (or sandbox) if you are concerned about supply-chain risk. If you need stronger assurance, request a code-based skill with an explicit install spec and verifiable package hashes.

Like a lobster shell, security has layers — review code before you run it.

latestvk976aa9jjms6f2nmtkjgj1mhg5845033

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Carapi

License

Comments