Intellihr
v1.0.0IntelliHR integration. Manage data, records, and automate workflows. Use when the user wants to interact with IntelliHR data.
⭐ 0· 34·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description clearly describe an IntelliHR integration and the SKILL.md consistently instructs use of the Membrane CLI and Membrane connections to operate on IntelliHR data. Required capabilities (network access, Membrane account) are appropriate for the stated purpose.
Instruction Scope
Instructions stay within the integration scope (discover actions, run actions, proxy requests). They instruct using Membrane to proxy requests to the IntelliHR API; this means data and requests will traverse Membrane's servers — not a mismatch but an important privacy/third-party trust consideration.
Install Mechanism
No install spec in the manifest, but SKILL.md instructs installing @membranehq/cli via npm (global). Installing a third-party npm CLI is a normal step for this workflow but carries the usual supply-chain risk; the skill itself does not bundle or download code.
Credentials
The skill declares no required env vars or credentials. Authentication is delegated to Membrane (user runs membrane login/connect). The lack of direct credential requests is proportionate; however, using Membrane implies granting that service access to IntelliHR on your behalf, so trust in Membrane is required.
Persistence & Privilege
The skill does not request always:true, does not change other skills' configs, and has no install-time persistence specified. Autonomous invocation is allowed (platform default) but not combined with extra privileges.
Assessment
This skill is internally coherent: it directs you to use the Membrane CLI to connect to IntelliHR and does not ask for unrelated secrets. Before installing/use, verify and accept the following: 1) Trust: Membrane will broker access to your IntelliHR data — review Membrane's privacy, support, and security practices and ensure your org permits a third-party proxy. 2) CLI supply-chain: installing @membranehq/cli from npm is required; check the package author, recent version, and changelog (or inspect the source) before global install. 3) Least privilege: when you create the connection, review the connector scopes and permissions it requests. 4) Sensitive data: avoid passing highly sensitive secrets via ad-hoc requests unless you understand where they are stored/transmitted. 5) Headless/automation: follow the documented headless flow, and confirm any codes or tokens are handled per your security policies. If you need higher assurance, ask the publisher for a signed release link or review the CLI source in the referenced repository.Like a lobster shell, security has layers — review code before you run it.
latestvk978cka308x275pvbnq3y0n0bx846v2z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.