Keycloak
v1.0.0Keycloak integration. Manage data, records, and automate workflows. Use when the user wants to interact with Keycloak data.
⭐ 0· 51·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Keycloak integration) match the runtime instructions: using Membrane to connect to Keycloak, list actions, and proxy API requests. Required capabilities (network access and a Membrane account) are consistent with that purpose.
Instruction Scope
SKILL.md confines its instructions to installing and using the @membranehq/cli to authenticate and call Keycloak via Membrane. It does not instruct reading unrelated system files or harvesting env vars; all commands shown are directly relevant to discovering and invoking Keycloak actions.
Install Mechanism
The skill is instruction-only (no install spec), but recommends installing a global npm package (`npm install -g @membranehq/cli`). Installing global npm packages is a normal route for CLI tools but does execute third-party code on the host and carries the usual npm provenance risk. The skill itself does not automatically download or execute anything.
Credentials
No environment variables, config paths, or credentials are requested by the skill. Authentication is delegated to Membrane via browser login/connection flows, which aligns with the stated guidance to avoid asking users for API keys or tokens locally.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not instruct modifying other skills or global agent configuration. Autonomous invocation is allowed (platform default) but is not coupled with broad privileges or credential requests.
Assessment
This skill appears coherent: it uses the Membrane CLI to mediate access to Keycloak rather than storing or asking for keys locally. Before installing or using it: (1) verify you trust the @membranehq npm package and its publisher (npm install -g runs third‑party code with system scope); (2) understand that by creating a Membrane connection you are delegating Keycloak auth to Membrane (they will see tokens/requests as the proxy provider); (3) run CLI commands in a controlled environment if you have sensitive data; and (4) if you need an offline or self-hosted integration, prefer direct Keycloak API usage under your own control. If any of these trust assumptions are unacceptable, do not install or use the Membrane-mediated flow.Like a lobster shell, security has layers — review code before you run it.
latestvk97dv1hg6jatwjq2cyedvqhrb584e10e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.