Groovehq
v1.0.2GrooveHQ integration. Manage Tickets, Customers, Users, Groups, Labels, Reports. Use when the user wants to interact with GrooveHQ data.
⭐ 0· 83·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (GrooveHQ integration) match the instructions: all commands and examples are about installing Membrane and interacting with GrooveHQ via Membrane connectors and proxy requests.
Instruction Scope
SKILL.md only instructs the agent to install and run the Membrane CLI, create/list connections, run actions, and proxy requests to the GrooveHQ API. It does not ask the agent to read unrelated files, export environment variables, or exfiltrate data to third-party endpoints outside Membrane/GrooveHQ.
Install Mechanism
The skill is instruction-only (no install spec). It directs users to install @membranehq/cli via `npm install -g`, which is a reasonable dependency for a CLI-based integration but does introduce a third-party global package into the environment—verify the package/source before installing.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The SKILL.md explicitly advises against asking users for API keys and relies on Membrane to manage auth, which is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request long-term elevated presence or modify other skills. It requires the user to run/install the Membrane CLI locally, which is normal for CLI-driven integrations.
Assessment
This skill appears coherent with its stated purpose. Before installing or using it: 1) Verify the authenticity of the @membranehq/cli package (check the npm page, project repo, and homepage) before running a global npm install. 2) Understand that using the skill means the Membrane CLI (and Membrane's cloud/service) will mediate authentication and can access your GrooveHQ account — review Membrane's privacy/security documentation and the connector permissions. 3) In headless or automated environments, be careful with browser-based login flows and any printed codes. 4) If you want to limit risk, run the CLI in an isolated environment (container or dedicated machine) and avoid global installs. 5) Note that the agent (if allowed to invoke skills autonomously) could run these Membrane commands to access GrooveHQ data; restrict autonomous skill invocation if you do not want that behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97fjkz1v2cp67jv142r6hmcr18424kh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.