Ghost Inspector
v1.0.0Ghost Inspector integration. Manage data, records, and automate workflows. Use when the user wants to interact with Ghost Inspector data.
⭐ 0· 64·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Ghost Inspector integration) align with the instructions, which all center on using the Membrane CLI to manage Ghost Inspector resources. Required resources (network access and a Membrane account) are appropriate for this integration.
Instruction Scope
SKILL.md confines runtime actions to installing and using the Membrane CLI, discovering connectors/actions, running actions, and proxying API requests through Membrane. One important runtime implication: proxying sends requests (and their payloads) through Membrane's servers, so any data you send will transit or be handled by that service. This is expected for a proxy-based integration but is a privacy/third-party-data-flow consideration rather than an incoherence.
Install Mechanism
No install spec in the skill bundle, but the instructions ask the user to run `npm install -g @membranehq/cli`. Installing a CLI via the public npm registry is typical for a helper CLI; it's moderate risk in general (third-party code executed locally) but proportionate to the stated purpose. There are no download URLs or archive extraction steps in the skill itself.
Credentials
The skill declares no required environment variables or credentials and explicitly instructs not to ask the user for Ghost Inspector API keys (Membrane manages auth). That is coherent with the use of a hosted connector/proxy.
Persistence & Privilege
always is false, no config paths or system-wide modifications are requested, and the skill does not instruct modifying other skills. The agent would need network access and a Membrane account but no elevated/system-level privileges are requested.
Assessment
This skill appears to do exactly what it says: use the Membrane CLI to interact with Ghost Inspector. Before installing, consider: (1) the Membrane CLI is installed via npm (-g), so review the @membranehq/cli package and trustworthiness of its maintainer; (2) using the skill means authentication and API requests are handled by Membrane — any data (test definitions, results, or request payloads) will transit or be stored by their service, so ensure you’re comfortable with that third-party data flow and their privacy/security posture; (3) for headless/server environments you’ll need to follow the login-complete flow described (browser or manual code); and (4) if you prefer not to route data through a third party, a direct Ghost Inspector integration (with local handling of API keys) would be an alternative. If you need deeper assurance, ask the publisher for the package repo, audit the CLI code, and verify Membrane’s privacy/security docs.Like a lobster shell, security has layers — review code before you run it.
latestvk97d6qf2ayb6w8b719ncqp621n84ap2v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.