Deftship
v1.0.0Deftship integration. Manage data, records, and automate workflows. Use when the user wants to interact with Deftship data.
⭐ 0· 33·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Deftship integration) matches the runtime instructions: using the Membrane CLI to connect and proxy requests to Deftship. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md stays within scope: it tells the user/agent how to install/use the Membrane CLI, authenticate, create connections, list actions, run actions, and proxy requests. It does not instruct reading unrelated files, harvesting local credentials, or sending data to unexpected endpoints.
Install Mechanism
There is no formal install spec in the registry, but the instructions recommend installing @membranehq/cli via npm -g or using npx. Using a public npm package is a common pattern; however, global npm installs modify the system and npx@latest fetches the latest remote code each run (supply-chain risk). Consider pinning a specific CLI version and verifying the package/source before installing.
Credentials
The skill requests no environment variables or secrets and explicitly instructs not to ask users for API keys. Authentication is handled by Membrane (browser-based login/connection flow), which is proportional to the stated purpose.
Persistence & Privilege
Skill has no always:true flag and does not request persistent system-wide privileges or modify other skills. It is user-invocable and can be invoked autonomously (platform default), which is expected for integrations.
Assessment
This skill is coherent: it uses the Membrane CLI to access Deftship and asks you to authenticate via Membrane rather than provide raw API keys. Before installing or running commands, verify the CLI package (@membranehq/cli) and repository links (check npm and the GitHub repo) to ensure you trust the source. Prefer using npx with a pinned version (e.g., npx @membranehq/cli@<version>) instead of installing -g or always using @latest to reduce supply-chain risk. Expect network traffic to Membrane and Deftship when you run actions; do not paste secrets into command arguments, and review Membrane’s privacy/security docs if you need assurance about how your Deftship credentials and data are handled.Like a lobster shell, security has layers — review code before you run it.
latestvk97en3nfq483k3efj6gy12sran846amf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.