Shortio
v1.0.2Short.io integration. Manage Domains, Bundles, Teams, Users. Use when the user wants to interact with Short.io data.
⭐ 0· 127·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the instructions: all runtime steps are about using the Membrane CLI to interact with Short.io (connections, actions, proxy requests). Nothing requested is unrelated to Short.io management.
Instruction Scope
Instructions are limited to installing the Membrane CLI, logging in via browser, creating/using a Short.io connection, running actions, and proxying API requests through Membrane. Important privacy note: API calls and credentials are handled by Membrane servers (the skill explicitly relies on Membrane to inject auth and proxy requests), so Short.io requests and possibly request payloads/metadata will transit Membrane’s infrastructure.
Install Mechanism
No automatic install spec in the registry (skill is instruction-only). The SKILL.md recommends a global npm install: `npm install -g @membranehq/cli`. Installing an npm package globally is a legitimate way to get a CLI but carries the usual supply-chain considerations — verify the package name and publisher before installing (or prefer `npx`/local install) and be aware global install may require elevated privileges.
Credentials
The skill declares no required env vars or credentials and the instructions advise using Membrane connections rather than asking for API keys. That is proportionate to the stated purpose. The primary credential in practice is a Membrane account (via browser login).
Persistence & Privilege
Skill is not marked always:true and does not request persistent system modification. Autonomous invocation is allowed by default but nothing in the instructions grants elevated or hidden long-term privileges.
Assessment
This skill looks coherent, but check a few things before installing: 1) Confirm the @membranehq/cli package and its publisher (or use npx) to reduce supply-chain risk; 2) Be aware that requests and auth are proxied via Membrane — don’t send sensitive data you wouldn’t want routed through a third party; 3) The CLI will open a browser for login (or print a URL for headless flows); 4) The skill itself does not ask for Short.io API keys locally, but it does rely on your Membrane account — only proceed if you trust Membrane's service and privacy policy.Like a lobster shell, security has layers — review code before you run it.
latestvk972sxxgddnr3nx622p9d5scg5843dpm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.