Magnolia

v1.0.0

Magnolia integration. Manage data, records, and automate workflows. Use when the user wants to interact with Magnolia data.

by Vlad Ursul (@gora050)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name and description say 'Magnolia integration' and the SKILL.md exclusively documents using the Membrane CLI to connect to Magnolia, list/run actions, and proxy API requests. Required binaries/env vars are absent and consistent with an instruction-only skill that delegates auth and connectivity to Membrane.
Instruction Scope
Runtime instructions are narrowly scoped: install the Membrane CLI, run membrane login/connect/action/request commands, and use Membrane for auth and proxying. The SKILL.md does not ask the agent to read unrelated files, environment variables, or exfiltrate data. It explicitly advises not to collect API keys from users.
Install Mechanism
No install spec is baked into the skill (instruction-only). The guide tells the user to run 'npm install -g @membranehq/cli' (or npx). Installing a global npm package is a normal but non-trivial action: it's a public-registry install (moderate risk) and will place binaries on the system. Verify the npm package ownership and reputation before installing.
Credentials
The skill requests no environment variables or credentials and relies on Membrane to manage authentication. That is proportionate for a connector-style integration. Note: using Membrane means requests and credentials are handled server-side by Membrane (the proxy will see request contents).
Persistence & Privilege
The skill is not always-enabled and does not request elevated agent privileges. It suggests installing a CLI which will persist on the host only if the user runs the install commands; the skill itself does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims: it uses the Membrane CLI to connect to Magnolia and run actions. Before installing or using it:
1) Verify @membranehq/cli is the official package (check npm owner, GitHub repo, and package downloads); prefer running via 'npx' if you want to avoid a global install.
2) Understand that Membrane acts as a proxy and will see API requests and possibly content from your Magnolia instance; review Membrane's privacy/security policies and trustworthiness.
3) The CLI login will create/retain authentication tokens locally and on Membrane; do not share secrets directly with the agent.
4) If you do not want autonomous agent behaviour, keep the skill user-invocable only or disable autonomous invocation in your agent settings.
If you want higher assurance, ask the skill publisher for the repository/package verification or use an isolated environment (container/VM) to install and test the CLI.
