Kandy
v1.0.2Kandy integration. Manage data, records, and automate workflows. Use when the user wants to interact with Kandy data.
⭐ 0· 105·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Kandy integration) align with the instructions, which consistently direct the agent and user to use the Membrane CLI to connect to Kandy and run actions. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI (login, connect, action run, proxy). It does not ask the agent to read arbitrary files, export unrelated secrets, or call unexpected external endpoints beyond Membrane/Kandy. It explicitly advises not to ask users for API keys.
Install Mechanism
Install is via npm (npm install -g @membranehq/cli) and examples use npx. This is a common, traceable mechanism but does execute third-party code on the host and npx can fetch code dynamically (supply-chain risk). No arbitrary downloads or obscure URLs are used.
Credentials
The skill declares no environment variables, no credentials, and no config paths. Authentication is delegated to Membrane (browser-based OAuth flow), which is consistent with the stated purpose.
Persistence & Privilege
The skill is not always-enabled and uses normal agent invocation. It does not request elevated platform privileges or attempt to modify other skills or system-wide agent settings.
Assessment
This skill is internally consistent: it tells you to install and use the official Membrane CLI to manage a Kandy connection and run actions. Before installing, consider: (1) npm global install and npx execute third-party code—only install packages you trust and prefer pinned versions (e.g., @membranehq/cli@1.0.2) over unpinned latest to reduce supply-chain risk; (2) Membrane acts as a proxy and will send requests and authentication tokens through its servers—review Membrane's privacy/terms and ensure you are comfortable with that data flow; (3) installing a global CLI modifies the system PATH and writes files to disk—on shared or production machines, prefer a sandbox or container; (4) headless auth requires copying a code/URL—be mindful of where you paste or store that code. If you need higher assurance, inspect the @membranehq/cli package source or run it in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk97dtefkbhdhg0y9swcnq99ff9843bh7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.