Mason
v1.0.0Mason integration. Manage data, records, and automate workflows. Use when the user wants to interact with Mason data.
⭐ 0· 58·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Mason integration) matches the instructions: using the Membrane CLI to discover connections, run actions, and proxy API requests to Mason. Nothing required by the skill (no extra env vars, config paths, or unrelated binaries) is out of scope for this purpose.
Instruction Scope
SKILL.md confines actions to installing/using the Membrane CLI, logging in, listing connections/actions, running actions, and proxying requests. It does not instruct reading unrelated local files, pulling secrets from the environment, or sending data to arbitrary endpoints beyond Membrane/Mason.
Install Mechanism
The skill asks to install @membranehq/cli via npm (global install shown). This is a standard pathway for CLI tools but carries the usual moderate risk of installing code from the npm registry. The docs also use npx in examples (avoids global install), which is safer for casual use.
Credentials
No environment variables, credentials, or config paths are requested. The instructions explicitly recommend letting Membrane manage auth and not asking the user for API keys, which is proportionate to the described function.
Persistence & Privilege
The skill is not forced-always, does not request persistent system-wide modifications, and does not try to alter other skills. Autonomous invocation remains allowed (platform default) but is not combined with other concerning privileges.
Assessment
This skill is an instruction-only integration that tells the agent to use the Membrane CLI to interact with Mason. Before installing or using it: (1) verify you trust Membrane/@membranehq (review the npm package and the GitHub repo) because your requests and auth are proxied through their service; (2) prefer using npx or a local install instead of a global npm -g install if you want to avoid adding global binaries; (3) avoid using the integration for highly sensitive secrets unless you trust the Membrane service and your organization’s policy; and (4) test in a sandbox account first to confirm behavior and outputs match expectations.Like a lobster shell, security has layers — review code before you run it.
latestvk974p31e8nyayxmb91d4f4d4hx84a84p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.