Carto

v1.0.0

Carto integration. Manage data, records, and automate workflows. Use when the user wants to interact with Carto data.

⭐ 0· 22·0 current·0 all-time

byVlad Ursul@gora050

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

Requires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the instructions: all guidance focuses on using Membrane to access CARTO. No unrelated credentials, binaries, or config paths are requested.

✓

Instruction Scope

SKILL.md instructs installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests through Membrane. It does not ask the agent to read arbitrary files, access unrelated environment variables, or exfiltrate data to unexpected endpoints.

ℹ

Install Mechanism

There is no formal install spec in the registry (instruction-only), but the README tells users to install @membranehq/cli via npm (global install or npx). Using the official npm package is a reasonable approach, but installing global CLIs has moderate risk compared with no-install instruction-only skills—verify package origin and consider npx or pinned versions.

✓

Credentials

The skill declares no required env vars or secrets. It relies on a Membrane account and browser-based login for auth, which is proportional to the stated purpose. No unrelated credentials are requested.

✓

Persistence & Privilege

Skill is not marked always:true and does not request system persistence. The agent may invoke the skill autonomously (default), which is normal for skills and consistent with its purpose.

Assessment

This skill appears coherent, but before installing: 1) Confirm you trust the Membrane service and the @membranehq/cli npm package (check the publisher, GitHub repo, and package integrity). 2) Prefer running with npx or a pinned package version instead of a global npm -g install if you want to limit system-wide changes. 3) Understand that Membrane acts as a proxy and will handle CARTO credentials/server-side—review Membrane's privacy and data handling policies to ensure you are comfortable with them having access to your Carto data. 4) In headless or automated environments, review the login flow to avoid accidentally exposing auth codes. If you need a deeper assessment, provide the exact npm package metadata or the Membrane CLI repository tarball to verify provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk979xrfffrbn02kc35yrk5n1mx848gqh

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Carto

License

Comments