Reviewflowz
v1.0.2Reviewflowz integration. Manage Organizations. Use when the user wants to interact with Reviewflowz data.
⭐ 0· 108·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The SKILL.md describes interacting with Reviewflowz via the Membrane CLI (search/connect/action/request). That aligns with the declared purpose. However, the skill metadata lists no required binaries while the instructions clearly require Node/npm and the @membranehq/cli (membrane) CLI — the registry should have declared those prerequisites.
Instruction Scope
Instructions stay within the stated scope: install and use the Membrane CLI, authenticate via browser, create/inspect connections, run actions, or proxy raw Reviewflowz API calls through Membrane. The skill explicitly avoids asking for user API keys and does not instruct reading unrelated files or environment variables.
Install Mechanism
There is no formal install spec in the package metadata (it's instruction-only). The SKILL.md tells the user to run `npm install -g @membranehq/cli` (or use npx). Installing a global npm package pulls code from the public registry — this is common but has some risk if the package name or source is not verified. Prefer using npx or verifying the package repository before running a global install.
Credentials
The skill asks for no environment variables or credentials in metadata and the instructions rely on Membrane-managed auth (browser-based login / connection flow). Requested access appears proportional to the functionality: network access and a Membrane account are reasonable requirements.
Persistence & Privilege
The skill does not request always-on presence and is user-invocable. There is no indication it modifies other skills or system-wide settings. Autonomous invocation is allowed by default (not flagged) and is not combined with other concerning factors here.
Assessment
Before installing or using this skill: (1) Verify the Membrane CLI package and its upstream repository (confirm @membranehq/cli on npm points to the official Membrane GitHub) rather than blindly running a global npm install. Using `npx @membranehq/cli` reduces persistent installation risk. (2) Understand you'll need network access and to authenticate via a browser-based Membrane login; Membrane will hold Reviewflowz credentials server-side and proxy API calls. (3) The skill metadata did not declare required binaries (node/npm and the Membrane CLI) — be aware of this mismatch. (4) Only run these commands in an environment you trust and avoid pasting secrets into ad-hoc prompts; follow the documented connection flow so credentials remain managed by Membrane.Like a lobster shell, security has layers — review code before you run it.
latestvk97ear1mdxreg71r43px06vp0h842ztw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.