Salesforce Dmp
v1.0.0Salesforce DMP integration. Manage data, records, and automate workflows. Use when the user wants to interact with Salesforce DMP data.
⭐ 0· 46·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the runtime instructions: the skill is purely an integration helper that uses the Membrane CLI to access Salesforce DMP (Audience Studio). No unrelated credentials, binaries, or capabilities are requested.
Instruction Scope
SKILL.md limits actions to installing @membranehq/cli, logging in, creating/using Membrane connections, running prebuilt actions, and optionally proxying raw API requests via Membrane. The proxy capability is powerful (it can send arbitrary requests to Salesforce DMP endpoints through Membrane), which is coherent with the stated purpose but worth noting because it can be used to reach arbitrary endpoints supported by the connector.
Install Mechanism
There is no formal install spec in the manifest; the instructions ask the user to run `npm install -g @membranehq/cli` manually. Installing a global npm CLI runs third‑party code on the host — expected for a CLI-based integration but a non-trivial trust decision. The skill itself writes nothing to disk (instruction-only).
Credentials
The skill declares no required environment variables, credentials, or config paths. Authentication is delegated to Membrane and handled via browser login flows, which matches the skill's guidance 'let Membrane handle credentials.'
Persistence & Privilege
Skill is instruction-only, has always: false, and does not request persistent agent privileges or modify other skills. It does rely on a persistent third‑party account (Membrane) but does not embed persistent credentials itself.
Assessment
This skill is coherent with its stated purpose, but before using it you should: (1) verify you trust @membranehq/cli and the Membrane service (review their npm package, GitHub repo, and privacy/security documentation), (2) avoid installing global npm packages on highly sensitive hosts or use a sandbox/container, (3) be aware that Membrane acts as a proxy and will handle credentials server‑side — confirm that storing and routing your Salesforce DMP data through Membrane is acceptable for your compliance/privacy needs, and (4) when using proxy/raw requests, double-check request targets so you don't unintentionally send sensitive data to unexpected endpoints. If you need higher assurance, ask the skill author for a formal install manifest or prefer a vetted, enterprise-approved connector.Like a lobster shell, security has layers — review code before you run it.
latestvk972kdxw1ze2ngxghpaqc7actn84eyd8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.