Firstup

v1.0.0

Firstup integration. Manage data, records, and automate workflows. Use when the user wants to interact with Firstup data.

by Vlad Ursul (@gora050)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill claims to integrate with Firstup and its SKILL.md consistently instructs the agent to use the Membrane CLI to discover and run Firstup actions or proxy API requests. Nothing requested (no env vars, no config paths) is outside what a connector integration would reasonably need.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, logging in via browser, creating a connection, listing actions, running actions, and using Membrane's proxy. The instructions do not ask the agent to read unrelated files or exfiltrate data to unexpected endpoints.
Install Mechanism
The skill is instruction-only (no bundled code) and tells users to run npm install -g @membranehq/cli. Asking the user to install a third-party CLI via npm is reasonable for this integration but carries the normal npm risk (package install scripts can run code). The skill itself does not auto-download or execute code.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The SKILL.md explicitly delegates auth to Membrane (browser-based OAuth flow) and advises against asking users for API keys, which is proportionate for the described purpose.
Persistence & Privilege
The skill is not marked always:true and requests no permanent system presence or access to other skills' configs. It can be invoked autonomously (the platform default), which is expected for a functional skill, and there are no extra privilege escalations requested.
Assessment
This skill appears coherent: it integrates with Firstup by directing you to use the Membrane CLI and a browser-based login flow, and it does not ask for unrelated secrets. Before installing or running, verify you trust the Membrane project and the @membranehq/cli npm package (review the package source or repository, permissions, and maintainer), be aware that npm global installs can execute install scripts, and avoid running it in highly sensitive or locked-down environments without review. Also confirm your organization allows delegating auth through a third-party proxy (Membrane) if you handle restricted data.

Like a lobster shell, security has layers — review code before you run it.
