Myotpapp
v1.0.2MyOTP.App integration. Manage Users, Organizations, Roles, Goals, Filters, Projects. Use when the user wants to interact with MyOTP.App data.
⭐ 0· 123·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the instructions: all runtime steps are about discovering connectors, creating a connection, running actions, or proxying requests through Membrane. No unrelated services, env vars, or binaries are requested.
Instruction Scope
SKILL.md limits actions to installing and using the Membrane CLI, logging in, listing/searching connections, running actions, and proxying API requests. It does not instruct reading arbitrary local files or accessing unrelated environment variables.
Install Mechanism
There is no formal install spec in the registry, but the doc recommends installing the @membranehq/cli globally via npm (or using npx). This is a standard approach but means executing third‑party code on the host; the doc does not include a pinned release or checksum.
Credentials
The skill requests no environment variables or local credentials. However, it depends on a Membrane account and uses Membrane as a proxy that will see proxied requests and manage credentials server‑side — users should understand that sensitive data (user lists, OTP-related data) will pass through Membrane.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request modification of other skill configs or system-wide settings. It does not declare elevated persistence or privileges.
Assessment
This skill appears to do what it says: it instructs using the Membrane CLI to connect to MyOTP.App and does not ask for unrelated credentials. Consider these precautions before installing/using it: 1) The instructions recommend installing a global npm package (@membranehq/cli) — prefer npx @membranehq/cli@latest if you want to avoid a global install, or review the package source before installing. 2) Membrane acts as a proxy and will see requests and hold connection credentials server-side — only use this if you trust Membrane (https://getmembrane.com) for handling sensitive data. 3) In sensitive environments, test the CLI in a sandbox or on a separate account first. 4) Avoid pasting secrets into chat; follow the described browser-based auth flow so credentials stay with Membrane. If you want more assurance, ask the publisher for a pinned CLI release or repository/hash for the CLI package.Like a lobster shell, security has layers — review code before you run it.
latestvk97cjcpznq7bpb85hphme0ess9843nja
License
MIT-0
Free to use, modify, and redistribute. No attribution required.