Lastpass Enterprise Api
v1.0.2LastPass Enterprise API integration. Manage data, records, and automate workflows. Use when the user wants to interact with LastPass Enterprise API data.
⭐ 0· 124·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the SKILL.md. All required operations (discovering actions, running actions, and proxying LastPass endpoints) are performed via the Membrane CLI; there are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
SKILL.md stays within the expected scope: it directs the agent/operator to install and use the Membrane CLI, perform login via browser, create a connector and connection, list actions, run actions, and optionally proxy arbitrary LastPass API paths. The proxy capability enables arbitrary requests to LastPass endpoints (expected for an API integration) but also means all proxied requests and responses flow through Membrane.
Install Mechanism
The skill is instruction-only (no install spec), but tells users to run `npm install -g @membranehq/cli` (and uses npx elsewhere). Installing a global npm package writes software to disk and requires trusting the @membranehq package and the npm registry. This is a common but non‑zero risk—no obscure download URLs are used.
Credentials
The skill requests no local credentials or env vars, which is coherent. However, it relies on Membrane to manage LastPass auth server‑side: that means Membrane will have access to LastPass data and credentials (via the connector/proxy). Users must knowingly trust Membrane with highly sensitive data; the SKILL.md does not document data handling, retention, or where secrets are stored.
Persistence & Privilege
The skill itself is not always-enabled and has no autonomous special privileges. Installing the Membrane CLI (global npm) creates a persistent binary on the system, which is expected for a CLI-centric integration but is a permanent change to the environment.
Assessment
This skill is coherent: it instructs you to use the Membrane CLI to connect to LastPass Enterprise and to proxy API calls. Before installing or using it, verify you trust Membrane (@membranehq) because authentication and API traffic will be handled server-side by their service (they will see requests/responses and hold connector credentials). Consider: (1) review Membrane's privacy/security docs and confirm how LastPass data is stored/retained; (2) prefer `npx` or one-off use if you want to avoid a global npm install; (3) use a least-privilege LastPass account for testing and monitor access; (4) if you require direct control over credentials/traffic, consider using LastPass's official APIs directly instead of a third-party proxy. If you cannot or do not want to trust Membrane with sensitive secrets, do not install/run this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk976d69brfmtrh123ct9569fsd843nbf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.