Dub
v1.0.2Dub integration. Manage Links, Workspaces. Use when the user wants to interact with Dub data.
⭐ 0· 91·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Dub integration) align with the instructions: all commands and flows use Membrane to connect to Dub, list actions, run actions, or proxy API requests. Nothing in the SKILL.md requests access to unrelated services or secrets.
Instruction Scope
SKILL.md strictly instructs use of the Membrane CLI (install, login, connect, action run, request). It does not ask the agent to read arbitrary files, environment variables, or system credentials. It explicitly advises not to ask users for API keys and to let Membrane manage auth.
Install Mechanism
This is an instruction-only skill (no install spec), but SKILL.md instructs installing the Membrane CLI via `npm install -g @membranehq/cli`. That is a reasonable and common distribution method, but it requires global npm install privileges on the host and pulls code from the npm registry — users should verify the package (publisher, npm page, GitHub repo) before installing, especially on sensitive systems.
Credentials
The skill requests no environment variables, config paths, or secrets. Authentication is delegated to Membrane; the skill does not ask for API keys or unrelated credentials. This is proportionate to the stated purpose.
Persistence & Privilege
The skill does not set always:true and has no install-time write actions in the bundle. However, using Membrane means requests and credentials are handled server-side by Membrane (the proxy), so user data and API calls will transit Membrane's service — consider the privacy/trust implications before connecting sensitive accounts.
Assessment
This skill appears to do what it says: it relies on the Membrane CLI to connect to Dub and does not request unrelated secrets. Before installing or using it, consider: 1) you will need to install a global npm package (@membranehq/cli) — verify the package owner and repository on npm/GitHub; 2) authentication and proxied API requests go through Membrane's servers, so review their privacy/security policies if you plan to connect sensitive accounts; 3) headless or CI environments may require the login-complete flow described; and 4) avoid entering local system secrets — the skill explicitly advises not to request API keys. If any of these are unacceptable (e.g., you cannot trust a third-party proxy), do not install or use this integration.Like a lobster shell, security has layers — review code before you run it.
latestvk9787dd3w2md3k7wxja379q3wn8435ny
License
MIT-0
Free to use, modify, and redistribute. No attribution required.