Diabatix Coldstream
v1.0.2Diabatix ColdStream integration. Manage data, records, and automate workflows. Use when the user wants to interact with Diabatix ColdStream data.
⭐ 0· 97·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description state this integrates with Diabatix ColdStream and all runtime instructions use the Membrane CLI to discover connectors, create connections, run actions, and proxy requests — which is coherent with the stated purpose. No unrelated credentials, binaries, or file paths are requested.
Instruction Scope
SKILL.md only instructs installing/using the @membranehq/cli, logging in via browser, creating connections, listing/running actions, and proxying API requests through Membrane. It does not ask the agent to read arbitrary local files, access unrelated environment variables, or transmit data to unexpected endpoints. It explicitly advises not to ask users for API keys.
Install Mechanism
This is an instruction-only skill (no install spec). It recommends installing the Membrane CLI via npm (global install) or using npx. Requiring an npm package is reasonable for a CLI-based integration, but installing global npm packages will write binaries to disk—users should review the @membranehq/cli package on npm/GitHub before installing.
Credentials
No environment variables, primary credential, or config paths are required by the skill. The instructions state that Membrane handles credentials server-side and explicitly recommends creating connections instead of asking users for API keys—this is proportionate to the stated functionality.
Persistence & Privilege
The skill is not forced always-on (always:false) and is user-invocable. disable-model-invocation is false (agent can invoke autonomously), which is the platform default; combined with the lack of requested credentials and the instruction-only nature, this does not introduce excessive privilege on its own.
Assessment
This skill is coherent but depends on trusting the Membrane service and its CLI. Before installing or running commands: 1) review the @membranehq/cli package on npm and its GitHub repo (verify maintainers and recent activity); 2) prefer using npx for one-off runs to avoid a global install, or inspect the installed binaries if you install globally; 3) understand that Membrane will proxy requests and hold connection tokens server-side—only proceed if you trust getmembrane.com/Membrane's privacy/security practices; 4) avoid pasting any unrelated secrets into prompts; and 5) if you later want to revoke access, remove the connection via your Membrane account. The skill itself does not ask for unrelated credentials or system access.Like a lobster shell, security has layers — review code before you run it.
latestvk97exw6ky2v21n8sjr62rq6d9x842951
License
MIT-0
Free to use, modify, and redistribute. No attribution required.