Factorial
v1.0.0Factorial integration. Manage data, records, and automate workflows. Use when the user wants to interact with Factorial data.
⭐ 0· 60·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is described as a Factorial (HR) integration and its runtime instructions use the Membrane CLI to access Factorial — this is coherent. Minor inconsistency: the manifest lists no required binaries, while SKILL.md explicitly requires installing and running the 'membrane' CLI.
Instruction Scope
SKILL.md confines actions to interacting with the Membrane CLI and using Membrane's proxy to call the Factorial API. It does not instruct reading unrelated files, harvesting environment variables, or contacting unexpected endpoints. Authentication flows are delegated to Membrane (browser-based OAuth), and the skill explicitly advises not to ask users for API keys.
Install Mechanism
The skill is instruction-only (no install spec). It instructs users to install @membranehq/cli via npm (npm install -g or npx). Installing from the public npm registry is a common pattern, but the skill could have declared the required binary in its manifest to be clearer.
Credentials
No environment variables or secrets are required by the manifest. The instructions intentionally avoid collecting API keys and use Membrane's hosted auth, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not marked always:true and does not ask to modify other skills or system-wide agent settings. It relies on user-installed CLI tooling but does not request persistent elevated privileges.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to access Factorial. Before installing or running anything: (1) Confirm you trust the Membrane project and the npm package @membranehq/cli (check the package page, repository, and homepage https://getmembrane.com). (2) Be aware the instructions call for a global npm install or npx usage — installing npm packages runs code on your machine; prefer npx if you want to avoid global installs. (3) The CLI opens a browser-based login and manages credentials server-side; do not provide API keys directly. (4) The manifest should have declared the 'membrane' CLI dependency but did not — that’s a minor manifest omission rather than a functional or malicious issue. If you need higher assurance, request a manifest update that lists the required binary and a pointer to the official CLI package/release notes.Like a lobster shell, security has layers — review code before you run it.
latestvk97c1wn8740r5zwtz2g4v4f5jx8446t5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.