Deepgram
v1.0.2Deepgram integration. Manage Projects. Use when the user wants to interact with Deepgram data.
⭐ 0· 104·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description say Deepgram integration and the SKILL.md exclusively instructs using the Membrane CLI to connect to Deepgram, list/run actions, and proxy requests — this aligns with the stated purpose.
Instruction Scope
Instructions stay within scope (install Membrane CLI, login, create/connect, run actions, or proxy Deepgram requests). Important privacy/flow note: proxying via Membrane means requests and payloads (audio, transcripts, metadata) will transit through Membrane servers — the documentation explicitly describes this. The instructions do not ask the agent to read unrelated files or environment variables.
Install Mechanism
No automated install spec is embedded in the skill, but the SKILL.md recommends `npm install -g @membranehq/cli`. This is a public npm package (traceable) rather than an arbitrary download, but global npm installs require elevated permissions and you should review the package source and maintainers before installing.
Credentials
The skill declares no required environment variables or credentials and advises using Membrane-managed connections rather than local API keys. That is proportionate; however, be aware that authentication and requests are brokered via Membrane (an external service) so you must trust their storage/handling of credentials and data.
Persistence & Privilege
The skill is instruction-only, has no install-time persistence or always:true flag, and does not request permission to modify other skills or global agent settings.
Assessment
This skill appears to do exactly what it claims: it guides you to use the Membrane CLI to manage Deepgram resources. Before you install or use it: (1) understand that Membrane will broker authentication and proxy API calls — sensitive audio/transcripts will transit Membrane servers, so review their privacy/security policies and whether that fits your data handling requirements; (2) inspect the @membranehq/cli package and repository (source, maintainers, recent activity) before running a global npm install; (3) note global npm installs may require elevated permissions; (4) the skill itself does not request local secrets, but creating the connection will involve authenticating via your browser — confirm the login flow and redirect domains are legitimate. If any of those trust or privacy points are unacceptable, do not proceed.Like a lobster shell, security has layers — review code before you run it.
latestvk9736m37ry5yev5tasb005909s843wcg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.