Ontask
v1.0.0OnTask integration. Manage data, records, and automate workflows. Use when the user wants to interact with OnTask data.
⭐ 0· 48·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (OnTask integration) match the instructions: all operations are performed via the Membrane CLI which is a reasonable implementation choice for connecting to OnTask and managing actions/requests.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, authenticating via browser, listing/connecting actions, running actions, and proxying API requests through Membrane. This is within scope, but be aware that proxying sends your OnTask API calls and payloads to Membrane's service (expected for this approach). The instructions do not request reading unrelated files or environment variables.
Install Mechanism
There is no packaged install spec in the registry; the SKILL.md tells the user to globally install @membranehq/cli via npm (or use npx). Installing a global npm CLI executes third-party code on the machine and modifies the environment — this is expected for a CLI-based integration but is a nontrivial system change.
Credentials
The skill declares no required env vars or credentials and explicitly recommends using Membrane-managed connections (no local API keys). Requesting a Membrane account and browser-based auth is proportional to its described function.
Persistence & Privilege
The skill does not request always:true or other elevated persistence, nor does it ask to modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) and appropriate here.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to interact with OnTask and does not request unrelated secrets. Before installing, consider: (1) installing a global npm package runs third-party code on your machine — prefer using npx if you want to avoid global installs; (2) traffic and API calls will be proxied through Membrane’s service, so review Membrane’s privacy/security policies and trustworthiness for your data; (3) restrict the Membrane connection/account to the minimum privileges needed and verify any connector IDs/actions before running them. If you need higher assurance, inspect the Membrane CLI source or use a dedicated test account first.Like a lobster shell, security has layers — review code before you run it.
latestvk972z65hwpxvshqazhnsfz8h4h84ecyp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.