Lightstep
v1.0.0Lightstep integration. Manage data, records, and automate workflows. Use when the user wants to interact with Lightstep data.
⭐ 0· 51·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Lightstep integration) matches the instructions: the skill instructs use of the Membrane CLI to connect to Lightstep, list actions, run actions, and proxy API requests. Requiring a Membrane account is consistent with this design.
Instruction Scope
All runtime instructions are about installing and using the @membranehq/cli, logging in, creating a connector, listing/running actions, and proxying requests to Lightstep. The instructions explicitly delegate authentication and credential refresh to Membrane — this is expected for a proxy-based integration, but it means Membrane will see Lightstep credentials and proxied request/response data, which is a privacy/trust consideration.
Install Mechanism
There is no automated install spec in the registry, but SKILL.md instructs the user to run 'npm install -g @membranehq/cli'. Installing an npm CLI globally is a common pattern but carries moderate risk: you should verify the package publisher, repository, and package contents before installing and running it with network access.
Credentials
The skill does not request environment variables, tokens, or file paths. It explicitly advises against asking users for API keys and instead to create a connection through Membrane, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only, has always:false, and does not ask to modify other skills or system-wide settings. It does not request persistent privileges beyond installing and running the Membrane CLI under user control.
Assessment
This skill appears coherent, but before installing or using it: 1) Verify you trust Membrane (getmembrane.com/@membranehq) because their service will handle your Lightstep auth and see proxied requests/responses. 2) Inspect the @membranehq/cli npm package and its GitHub repo (verify publisher, recent commits, and issues) before running 'npm install -g'. 3) Review OAuth scopes/consent when you authenticate so you understand what access is granted to Membrane. 4) If handling sensitive production data, consider creating a least-privilege Lightstep account/project for the connector or testing in an isolated environment. 5) If you need higher assurance, ask the publisher for documentation on data handling, retention, and where credentials are stored/transmitted.Like a lobster shell, security has layers — review code before you run it.
latestvk9738k4razdw777t64bn8va3ns84c6sp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.