Quantil
v1.0.2QUANTIL integration. Manage data, records, and automate workflows. Use when the user wants to interact with QUANTIL data.
⭐ 0· 128·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description say this integrates with QUANTIL; the SKILL.md exclusively documents using the Membrane CLI and Membrane proxy to discover and run QUANTIL actions — those dependencies match the stated purpose.
Instruction Scope
All runtime steps are limited to installing/using the Membrane CLI, logging in, listing/connecting actions, running actions, or proxying requests. The skill does not instruct reading unrelated files or exporting arbitrary local data.
Install Mechanism
The SKILL.md advises installing/running @membranehq/cli via npm or npx. That is a typical approach for CLIs but does carry the usual npm supply-chain risk (npx/@latest runs code from the registry). There are no direct downloads or URLs to untrusted hosts.
Credentials
The skill declares no environment variables or credentials. It explicitly delegates auth to Membrane (server-side) and instructs creating a connection rather than asking for API keys locally, which is proportionate. Note: the Membrane CLI will perform local login flows and store tokens/config locally (normal for a CLI) even though no env vars are required.
Persistence & Privilege
The skill is instruction-only and not marked always:true. Autonomous invocation is allowed by default but not combined with other red flags. The skill does instruct installing a global CLI if the user follows the guide, which will add a local binary, but that is expected for this integration.
Assessment
This skill is coherent: it uses the Membrane CLI to access QUANTIL and asks for no local API keys. Before installing, verify you trust the Membrane project (@membranehq/cli) and prefer pinning a specific CLI version rather than running npx @latest to reduce npm supply-chain risk. Be aware the CLI login opens a browser and stores credentials locally (typical for CLIs). If you do not want a global CLI installed, consider using npx with a pinned version or run in an isolated environment. Finally, confirm https://getmembrane.com / the GitHub repo are the expected upstream sources before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk973mrzgk04rrgcdp4w6n12ehx843d8w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.