Inplayer
v1.0.0InPlayer integration. Manage data, records, and automate workflows. Use when the user wants to interact with InPlayer data.
⭐ 0· 59·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description match the runtime instructions: it uses the Membrane CLI to connect to and operate on InPlayer resources. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines runtime activity to using the Membrane CLI (login, connection creation, action listing/running, and proxying requests to InPlayer). It does not instruct reading unrelated local files or environment variables. The proxy feature allows arbitrary InPlayer API calls, which is expected for full integration.
Install Mechanism
The skill is instruction-only (no built-in install spec) but instructs users to install @membranehq/cli globally via npm. Installing a global npm package is reasonable for this use case but carries the usual supply-chain risks of third-party packages; the SKILL.md points to official Membrane resources.
Credentials
No environment variables or secrets are requested by the skill; authentication is delegated to Membrane (browser-based login/tenant flow). The lack of extra credential requests is appropriate and proportionate.
Persistence & Privilege
The skill does not request always:true and does not instruct modifying other skills or system-wide settings. It relies on the Membrane service for credential storage and proxying, which is consistent with its purpose.
Assessment
This skill is coherent: it requires installing the Membrane CLI (npm -g @membranehq/cli) and a Membrane account to create connections to InPlayer. Before installing or using it: (1) verify the @membranehq/cli package on the npm registry and prefer installing from an account/release you trust; (2) understand that Membrane will mediate access to your InPlayer account — review Membrane's access, privacy, and permissions policies before granting access; (3) be cautious installing global npm packages (avoid running as root, consider using a local or containerized environment); and (4) note that the proxy feature can call any InPlayer endpoint, so only use it with trusted credentials and scopes. There were no static-scan findings in the provided files.Like a lobster shell, security has layers — review code before you run it.
latestvk972m60v95hg8s5f0sw97hwv45844bmp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.