Shortcut
v1.0.2Shortcut integration. Manage data, records, and automate workflows. Use when the user wants to interact with Shortcut data.
⭐ 0· 104·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with Shortcut and its SKILL.md exclusively describes using the Membrane CLI to discover/run Shortcut actions and proxy API requests. There are no unrelated environment variables, binaries, or config paths requested, so the requested capabilities align with the stated purpose.
Instruction Scope
The runtime instructions are limited to installing and using the Membrane CLI (npm install -g @membranehq/cli), running membrane login/connect/action/run/request commands, and using the browser-based auth flow. These steps stay within the Shortcut-integration scope, but they do route Shortcut requests and credentials through the Membrane service (getmembrane.com). That is expected for this design, but it means Shortcut data and auth will be handled by Membrane rather than a direct Shortcut API call—an explicit privacy/trust consideration for the user.
Install Mechanism
There is no platform install spec in the registry (instruction-only), but the SKILL.md tells users to install a public npm package globally (@membranehq/cli). This is a reasonable dependency for a CLI-based integration. Installing global npm packages writes to the system PATH and carries the usual npm risks (review the package on npm/github before installing). No downloads from arbitrary URLs or archives are instructed.
Credentials
The skill declares no required env vars or primary credential. It explicitly advises not to ask users for API keys and instead to create a Membrane connection so Membrane manages auth server-side. That is proportionate to its function. Note: you will grant Membrane access to Shortcut data during the connector setup, so ensure you trust the Membrane service for credential handling.
Persistence & Privilege
The skill is instruction-only, does not request always:true, and does not modify other skills or system-wide agent settings. Installing the Membrane CLI is a normal, local side-effect but the skill itself does not demand persistent elevated privileges.
Assessment
This skill is coherent: it uses the Membrane CLI to connect to Shortcut and does not request unrelated secrets. Before installing or using it, verify you trust the Membrane service (getmembrane.com/@membranehq and the @membranehq/cli npm/github pages), because authentication and Shortcut data will flow through Membrane. When installing, review the npm package and its permissions, avoid running global installs in untrusted environments, and prefer using an account or workspace with appropriate least privilege for connections you create. If you require direct control of Shortcut API keys, this skill intentionally avoids that model—expect auth to be handled by Membrane.Like a lobster shell, security has layers — review code before you run it.
latestvk97d7er7ngxm4ep9cwj9f4k6p184212n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.