Graceblocks
v1.0.2Graceblocks integration. Manage Organizations, Users. Use when the user wants to interact with Graceblocks data.
⭐ 0· 98·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's stated purpose (Graceblocks integration) matches the runtime instructions (use Membrane to connect and proxy to Graceblocks). However, the registry metadata lists no required binaries while the SKILL.md clearly instructs installing and using the `membrane` CLI; that mismatch is a documentation/inventory omission.
Instruction Scope
SKILL.md only instructs using the Membrane CLI to authenticate, list connections, run actions, and proxy requests to Graceblocks. It does not instruct reading unrelated files or environment variables, nor does it ask to transmit data to endpoints outside Membrane/Graceblocks. The instructions include interactive auth flows and proxying arbitrary API paths via Membrane (expected for this use case).
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the doc instructs users to run `npm install -g @membranehq/cli`. Installing a global npm package is normal for a CLI but carries the usual supply-chain considerations; the SKILL.md points to an official homepage/repo which helps traceability.
Credentials
The skill does not request environment variables or credentials in the manifest. Authentication is handled interactively via the Membrane CLI/browser flow, which is appropriate and proportionate for this integration. Users should still review what scopes/permissions are granted during login.
Persistence & Privilege
The skill is not set to always:true and is user-invocable. It does not request persistent agent privileges or modify other skills' configuration in its instructions. Autonomous invocation is allowed by platform default but not unusually privileged here.
Assessment
This skill is instruction-only and uses the Membrane CLI to access Graceblocks, which is coherent with its description. Before installing or using it: 1) Verify the @membranehq/cli package on npm (author, download counts, repo) so you trust the CLI you will install globally. 2) Be prepared to authenticate via your browser and review the OAuth/scopes that Membrane requests — these determine what data the CLI (and thus the skill) can access. 3) Consider running the CLI in a controlled environment (container or dedicated machine) if you are cautious about installing global npm packages. 4) If you want stricter control over agent behavior, disable autonomous invocation for the skill or restrict when it may be used. 5) Note the small manifest inconsistency (the skill does not declare the membrane binary as a required binary); this looks like a documentation omission rather than malicious behavior, but you can request the publisher to fix the manifest for clarity.Like a lobster shell, security has layers — review code before you run it.
latestvk973cgemydxwd7b24b0mf05ah1843mww
License
MIT-0
Free to use, modify, and redistribute. No attribution required.