Postgrid
v1.0.2PostGrid integration. Manage Persons, Organizations, Addresses, Letters, Postcards, Templates and more. Use when the user wants to interact with PostGrid data.
⭐ 0· 116·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with PostGrid and all instructions use the Membrane CLI to create a PostGrid connection, list actions, run actions, and proxy requests. Nothing requested (no env vars, no config paths) is out of scope for a connector that delegates auth to Membrane.
Instruction Scope
SKILL.md is explicit about using the Membrane CLI, browser-based login, connection creation, action discovery, and proxying requests. It does not ask the agent to read unrelated files or exfiltrate local secrets and explicitly advises not to ask users for PostGrid API keys.
Install Mechanism
The skill instructs installing @membranehq/cli globally via npm (npm install -g). This is an expected, reasonable install method for a CLI but carries the normal risks of installing a global npm package (supply-chain risk, privilege to write global binaries). The package is from the public npm ecosystem, not an arbitrary download URL.
Credentials
No environment variables, credentials, or config paths are requested by the skill; authentication is delegated to Membrane and performed via browser flows. The requested scope is proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only and does not request permanent inclusion (always: false). It does not attempt to modify other skills or system-wide agent settings. Normal autonomous invocation is permitted by platform defaults and is not excessive here.
Assessment
This skill appears to be what it says: it uses the Membrane CLI to manage PostGrid resources and does not ask for unrelated credentials. Before installing, verify the @membranehq/cli package on the npm registry (confirm publisher and recent activity), and consider installing/running the CLI in a controlled environment (user account or container) if you have supply-chain concerns. Expect the CLI to open a browser for authentication and to send proxied API requests on your behalf — only proceed if you trust Membrane as the authentication proxy for your PostGrid account.Like a lobster shell, security has layers — review code before you run it.
latestvk97cb2wdzp75jzwxbxy04pnr6n842ym6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.