Phonecom
v1.0.2Phone.com integration. Manage Accounts. Use when the user wants to interact with Phone.com data.
⭐ 0· 117·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with Phone.com and all runtime instructions focus on using the Membrane CLI to discover and run Phone.com actions or proxy raw API calls. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent (or user) to install and use the Membrane CLI, perform OAuth-style login flows, create connections, list and run actions, and optionally proxy raw API requests through Membrane. These steps stay within the stated purpose and do not ask the agent to read arbitrary local files or unrelated environment variables.
Install Mechanism
The instructions tell users to install the Membrane CLI via npm (-g). That is expected for a CLI-centric integration, but global npm installs modify the host environment and require trust in the @membranehq/cli package and its maintainer. The skill itself does not perform the install (instruction-only).
Credentials
No environment variables, credentials, or config paths are declared or requested by the skill. The SKILL.md explicitly advises against collecting Phone.com API keys locally and instead to use Membrane-hosted connections, which is consistent and proportionate.
Persistence & Privilege
The skill does not request persistent presence (always is false), does not modify other skills or system-wide settings in its instructions, and relies on the Membrane service for auth—no elevated platform privileges are requested.
Assessment
This skill is coherent: it routes Phone.com interactions through the Membrane CLI/service. Before installing or using it, verify you trust Membrane/@membranehq because Membrane will broker access to your Phone.com account (it handles OAuth and stores credentials server-side). Prefer reviewing the @membranehq/cli package source and publish history on npm/GitHub, avoid pasting API keys into third-party prompts, and consider using a limited-scope Membrane connection or test account if you want to minimize blast radius. If you cannot or do not want to install a global npm package, use a container or local install (npx) instead.Like a lobster shell, security has layers — review code before you run it.
latestvk976swz69njkng3ft1f94q6rj9842qty
License
MIT-0
Free to use, modify, and redistribute. No attribution required.