Niftyimages
v1.0.2NiftyImages integration. Manage Accounts. Use when the user wants to interact with NiftyImages data.
⭐ 0· 100·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (NiftyImages integration) align with the runtime instructions: all actions use the Membrane CLI and Membrane proxy to access NiftyImages. Minor note: the registry metadata lists no required binaries, but the SKILL.md instructs the user to install the @membranehq/cli via npm — this is an instruction-only skill (no automatic installs), so the discrepancy is informational rather than deceptive.
Instruction Scope
SKILL.md confines runtime actions to installing/using the Membrane CLI, creating connections, listing/running actions, and optionally proxying raw API calls through Membrane. It does not instruct reading unrelated files, accessing unrelated env vars, or exfiltrating data to unknown endpoints.
Install Mechanism
No install spec is embedded in the registry (instruction-only). The guide tells users to run `npm install -g @membranehq/cli`. Installing an npm package globally is common but carries the usual npm risks (install scripts can run during install); this is expected for a CLI-centric integration and not unusual for the stated purpose.
Credentials
The skill requests no environment variables or local secrets. SKILL.md explicitly advises against asking users for API keys and explains that Membrane manages auth server-side, which is proportionate to the stated goal.
Persistence & Privilege
always:false and no requested config paths or system-wide changes. The skill does not request permanent presence or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is an instruction-only integration that tells you to install and use the Membrane CLI to access NiftyImages. Before using it: (1) Confirm you trust Membrane (@membranehq) because the CLI and Membrane's proxy will handle your credentials and route API requests through their service; review their privacy/security docs. (2) Installing the CLI via `npm -g` is normal but run it from a trusted source and review the package (npm install scripts can run). (3) When authenticating, verify connector/connection IDs and review any action's input before running (especially actions that modify data). (4) If you prefer to keep credentials local or avoid routing traffic through a third party, do not follow the proxy instructions and instead use your own vetted integration. Overall this skill is coherent with its stated purpose; proceed if you trust Membrane and the directions above.Like a lobster shell, security has layers — review code before you run it.
latestvk97dd1svphr13f144efrhp74zd8429vv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.