Railsr
v1.0.0Railsr integration. Manage data, records, and automate workflows. Use when the user wants to interact with Railsr data.
⭐ 0· 33·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description advertise a Railsr integration and the SKILL.md consistently instructs use of the Membrane CLI to connect to Railsr, discover actions, run actions, and proxy requests. The required network access and a Membrane account are coherent with this purpose.
Instruction Scope
All runtime instructions are limited to installing/using the Membrane CLI, authenticating via browser flow, listing/connecting to connectors, running actions, and proxying HTTP requests. The instructions do not direct reading unrelated local files, harvesting environment variables, or sending data to unexpected endpoints beyond Membrane/Railsr.
Install Mechanism
The skill is instruction-only (no install spec), but it asks the operator to install an npm global package (@membranehq/cli). Installing a global npm package is a typical way to get a CLI, but it does involve executing third-party code from the npm registry — moderate risk. Verify the package name and publisher before installing and consider using npx or reviewing package contents if concerned.
Credentials
The manifest declares no required environment variables or credentials, and the instructions explicitly rely on Membrane to handle auth server-side and say not to ask users for API keys. There are no unexplained credential requests.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent presence or modify other skills or system-wide settings. Autonomous invocation is allowed by platform default but is not combined with other red flags here.
Assessment
This skill is coherent: it tells you to use the Membrane CLI to connect to Railsr and does not ask for local secrets. Before installing or running it, consider: (1) You will install a global npm package (@membranehq/cli) — confirm the package and publisher are legitimate and review the package if you need high assurance. Using npx instead of -g reduces local install footprint. (2) Membrane acts as a proxy and will see request/response data and manage credentials server-side — make sure you trust Membrane (privacy/processing of financial data). (3) The login flow opens a browser or requires pasting a code in headless environments; follow best practices for authentication codes. (4) If you want extra caution, run the CLI in a controlled environment or inspect network traffic to confirm only expected endpoints are contacted.Like a lobster shell, security has layers — review code before you run it.
latestvk971wqdcv9bwa2hp855bybh865847a98
License
MIT-0
Free to use, modify, and redistribute. No attribution required.