Pipefy
v1.0.2Pipefy integration. Manage Organizations, Users, Filters. Use when the user wants to interact with Pipefy data.
⭐ 0· 101·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a Pipefy integration and only requires the Membrane CLI and network access to reach Pipefy via Membrane. There are no unrelated environment variables, binaries, or config paths requested that would be out of scope for a connector-style skill.
Instruction Scope
SKILL.md contains concrete instructions limited to installing the Membrane CLI, authenticating via Membrane's login flow, discovering connectors/actions, running actions, and proxying requests to the Pipefy API. It does not instruct reading arbitrary files, harvesting environment variables, or exfiltrating data to unexpected endpoints.
Install Mechanism
There is no formal install spec; the doc recommends installing @membranehq/cli via npm (global). npm installs are common for CLIs but can execute install scripts — this is moderate risk. The package is on the public registry and the install command is explicit; users should verify the package name and trustworthiness of @membranehq before installing globally.
Credentials
The skill declares no required env vars or primary credential; instead it relies on Membrane to manage Pipefy credentials server-side. That is proportionate for a connector skill, but it means Membrane (the third-party service) will see and manage authentication tokens and proxied requests.
Persistence & Privilege
always:false (no forced inclusion) and normal model invocation are used. The skill does not request persistent system-wide settings or modify other skills. Autonomous invocation is allowed by default, which is expected for skills.
Assessment
This skill appears coherent, but before installing: (1) verify you trust Membrane/getmembrane.com and the @membranehq/cli npm package (check publisher, repository, and reviews) because Membrane will hold and proxy your Pipefy credentials and API requests; (2) be cautious installing npm packages globally (may require elevated privileges) — consider using a controlled environment or container; (3) do not provide unrelated secrets to the skill; (4) prefer least-privilege connections in Pipefy and review the privacy/security docs of Membrane if sensitive data will be accessed.Like a lobster shell, security has layers — review code before you run it.
latestvk97f2643mgpetvz6gp74p8wees84374s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.