Knack
v1.0.2Knack integration. Manage Organizations. Use when the user wants to interact with Knack data.
⭐ 0· 108·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description claim a Knack integration for managing data; the SKILL.md describes using Membrane to list, run, and proxy Knack actions (create/update/get/list/delete records), which aligns with that purpose.
Instruction Scope
Runtime instructions only tell the agent to install and run the Membrane CLI, log in (browser-based flow), create/list connections, run actions, and proxy API requests through Membrane. There are no instructions to read unrelated files, export environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
The skill is instruction-only (no install spec), but it advises installing @membranehq/cli globally via npm (npm install -g). Installing a global npm CLI runs third-party code from the npm registry — this is common for CLIs but does require you to trust the @membranehq/cli package and the npm ecosystem.
Credentials
The skill declares no required environment variables or credentials and explicitly instructs not to ask users for API keys. Authentication is delegated to Membrane's browser-based flow. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request permanent platform presence or modify other skills' configs. It relies on the Membrane CLI and user login; autonomous invocation remains possible (platform default) but is not combined with broad credentials or other red flags.
Assessment
This skill is coherent: it delegates Knack auth and API access to the Membrane service and CLI. Before installing: (1) confirm you trust the @membranehq/cli npm package and the getmembrane.com service, since the CLI executes code on your machine; (2) prefer running installs in a controlled environment (e.g., container or development machine) if you have concerns about global npm packages; (3) verify the Membrane account and connector being used have the minimum necessary permissions for your data; and (4) avoid entering unrelated secrets into chat or CLI prompts. If you need higher assurance, inspect the Membrane CLI source (github.com/membranedev) and review its permissions/behavior before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk972zqkfxq6bvnp9mb3b1jnedn8421wq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.