Ringba
v1.0.0Ringba integration. Manage data, records, and automate workflows. Use when the user wants to interact with Ringba data.
⭐ 0· 62·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description say 'Ringba integration' and the SKILL.md consistently instructs the agent to use the Membrane CLI and a Membrane account to access Ringba. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
All runtime instructions are limited to installing/using the Membrane CLI, performing OAuth-style connection flows, listing and running Membrane actions, and proxying requests through Membrane. The instructions do not ask the agent to read local files, harvest unrelated environment variables, or transmit data to unexpected endpoints.
Install Mechanism
There is no platform install spec — the SKILL.md instructs the user to install or invoke a public npm package (@membranehq/cli) via npm or npx. This is expected for a CLI-based integration, but installing or running remote npm packages carries the normal supply-chain risk; the skill itself does not automatically install anything.
Credentials
The skill declares no required environment variables or credentials and relies on Membrane's browser-based connection flow to manage auth. That matches the stated design (do not ask users for API keys).
Persistence & Privilege
The skill is not always-included and is user-invocable. It does not request persistent system-level privileges or attempt to modify other skills' configs. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill is instruction-only and tells you to use the Membrane CLI to connect to Ringba; it's internally consistent. Before installing/using it: (1) Confirm you trust Membrane (getmembrane.com) and the @membranehq npm package — verify the package and GitHub repo on npm/GitHub. (2) Be aware that installing global npm packages or running npx executes code from the registry (normal but a supply-chain risk). (3) The connection flow uses browser OAuth — you will grant access to Membrane to act on your Ringba account, so review the permissions requested during that flow. (4) The skill will proxy Ringba requests through Membrane servers, so check Membrane's privacy/security docs if that concerns you. If any of these checks fail or you do not want to install/run an external CLI, do not enable this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97ak0ftdvmqeqebd7bx9gd4m984bckj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.