Crowdpower
v1.0.2
CrowdPower integration. Manage Organizations, Users, Goals, Filters. Use when the user wants to interact with CrowdPower data.
by Vlad Ursul @gora050
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: the SKILL.md directs use of the Membrane CLI to connect to CrowdPower, run pre-built actions, or proxy raw API calls. Nothing in the instructions asks for unrelated services, binaries, or secrets.
Instruction Scope
Instructions stay within scope (install Membrane CLI, login via browser, create/connect to CrowdPower connector, run actions, or proxy requests). Important: using the Membrane proxy or actions will send requests and payloads through Membrane's service (including auth headers and request bodies), so user data and API calls are transmitted to Membrane servers — this is expected for a proxy-based integration but worth explicit user awareness.
Install Mechanism
No platform install spec exists, but the SKILL.md tells users to run `npm install -g @membranehq/cli`. Installing a global npm package executes code from the npm registry (moderate risk); verify the package and publisher before installing. The install method itself is proportionate to the stated purpose.
Credentials
The skill requests no environment variables or other credentials in the manifest. Authentication is handled via Membrane login (browser-based OAuth flow). There are no unexplained secret requests.
Persistence & Privilege
`always` is false and there is no install hook in the registry. This instruction-only skill does not request persistent platform privileges or modifications to other skills or system-wide settings.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to interact with CrowdPower. Before installing or using it, consider: (1) Installing `@membranehq/cli` runs code from npm — verify the package and publisher. (2) Membrane acts as a proxy for API calls and will see request payloads and auth headers; review Membrane's privacy/security documentation and the connector permissions you grant. (3) The skill will open a browser login flow (or provide a URL for headless environments) — confirm you trust the login flow and tenant you log into. (4) If you need to avoid transmitting sensitive data to third parties, don’t use the proxy/raw request paths and consider using direct, audited integrations instead. Overall the skill is coherent with its stated purpose; these are the trust-and-data-transmission decisions you should make before proceeding.
