Foundriesio
v1.0.2Foundries.io integration. Manage data, records, and automate workflows. Use when the user wants to interact with Foundries.io data.
⭐ 0· 96·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md consistently describes a Foundries.io integration implemented via the Membrane CLI. However, the skill metadata declares no required binaries or credentials while the runtime instructions require installing and running the 'membrane' CLI (npm/@membranehq/cli) and therefore implicitly require Node/npm and network access. This is a minor declaration mismatch but not a functional incoherence.
Instruction Scope
Instructions stay within the integration scope: logging into Membrane, creating a Foundries connector, listing and running actions, and using Membrane's proxy to call Foundries.io endpoints. Nothing in the SKILL.md directs the agent to read unrelated local files or other credentials. Note: 'membrane request' lets you send arbitrary proxied requests to Foundries.io via Membrane, which is expected for this purpose but broad in capability.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to install @membranehq/cli globally with npm (npm install -g). That implies code will be written to disk and requires Node/npm; the registry metadata did not declare these required binaries. Using npm is a common supply chain source but is a moderate-risk install compared with relying only on preinstalled tools.
Credentials
The skill does not request local environment variables or API keys and explicitly advises not to collect user API keys. Instead, it relies on a Membrane account and connections where Membrane manages credentials server-side. This is proportionate to the stated purpose, but it means Foundries.io credentials and proxied request data pass through Membrane's servers — a privacy/trust consideration the user should accept.
Persistence & Privilege
The skill does not request persistent inclusion (always: false), does not modify other skills, and contains no install-time scripts in the bundle. Autonomous invocation (default) is permitted but not combined with other red flags.
Assessment
This skill is coherent: it uses the Membrane CLI to connect to Foundries.io rather than asking for raw API keys. Before installing, make sure you have Node/npm if you plan to follow the SKILL.md (the skill metadata didn't list them), and verify you trust Membrane (https://getmembrane.com) because credentials and proxied requests will transit their servers. Also confirm you are comfortable installing an npm global package (@membranehq/cli) and that your environment allows opening a browser for the login flow (or using the provided headless completion method). If you prefer not to route data through a third party, do not use this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97eq449s5m7z2wc9cg0bp4nxs8423rh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.