Cdr Platform
v1.0.2CDR Platform integration. Manage data, records, and automate workflows. Use when the user wants to interact with CDR Platform data.
⭐ 0· 123·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The README-style instructions consistently describe using the Membrane CLI to connect to and call the CDR Platform. Requiring a Membrane account and using membrane commands (connect, action run, request) is coherent with 'CDR Platform integration.'
Instruction Scope
The SKILL.md only instructs the agent/operator to install and run the Membrane CLI and to perform browser-based OAuth flows or proxy requests via Membrane. It does not direct reading unrelated files, accessing unrelated env vars, or exfiltrating data to unexpected endpoints. It does, however, route requests through Membrane (a third-party service), which is expected but worth noting.
Install Mechanism
There is no formal install spec in the skill metadata; the SKILL.md tells the user to run `npm install -g @membranehq/cli`. Installing a global npm CLI is a standard way to obtain a CLI but carries the usual risks of running third-party code from the npm registry (global install affects system PATH and may require elevated permissions).
Credentials
The skill declares no required environment variables, config paths, or credentials. The instructions explicitly state not to ask users for API keys and to let Membrane manage credentials, which is consistent and proportionate to the described function.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide configs, and is not prescriptive about long-lived privileges. Model invocation is allowed (platform default), which is normal for an integration skill.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to access CDR Platform APIs. Before installing or using it, consider the following: (1) Installing @membranehq/cli with `npm install -g` will place third-party code on your system—verify the package and publisher on the npm/GitHub pages and prefer a contained environment (local node install, container, or VM) if you want isolation. (2) Requests and authentication will be proxied through Membrane (getmembrane.com); review their privacy/security policy because your CDR data and tokens will transit/possibly be stored or handled by that service. (3) Use least-privilege accounts when granting access, and avoid sharing secrets in chat. (4) If you need a fully air-gapped or self-hosted integration, confirm whether Membrane offers an on-prem or enterprise option. Overall there are no glaring incoherences, but evaluate trust in the Membrane service and the npm package before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk97e16h6eggqf5p4nc4gpcnmz184276n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.