Snipcart
v1.0.2Snipcart integration. Manage Carts, Products, Customers, Discounts, Orders, ShippingRates. Use when the user wants to interact with Snipcart data.
⭐ 0· 88·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Snipcart integration) matches the instructions: installing/using the Membrane CLI to connect to Snipcart and run actions or proxied API requests. Nothing unrelated (e.g., cloud provider keys or unrelated services) is requested.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, performing connection and action-list/run commands, and optionally proxied HTTP requests. It does not instruct reading arbitrary local files, extracting system secrets, or sending data to unexpected endpoints beyond Membrane/Snipcart.
Install Mechanism
Installation is a single public npm package command (npm install -g @membranehq/cli) and also documents npx usage. This is a common pattern for CLI tooling; while npm packages carry typical supply-chain risk, the install method is proportional to the described functionality.
Credentials
No environment variables, credentials, or config paths are required by the skill itself. Authentication is delegated to Membrane via browser-based login/connection flows, which is consistent with the guidance to not ask users for API keys locally.
Persistence & Privilege
The skill is instruction-only, has no install spec that writes files under the skill, and does not request always:true or other elevated persistent privileges. Autonomy settings are default and expected for a skill of this type.
Assessment
This skill is instruction-only and uses the Membrane CLI to proxy requests to Snipcart. Before installing, confirm you trust the Membrane project (@membranehq on npm and getmembrane.com) because authentication and API requests will be mediated by Membrane (they handle credentials server-side). Installing the CLI globally with npm is normal but be aware of general npm supply-chain risk — you can instead use npx where shown. If you need stricter control, review Membrane's privacy/security docs and verify the connector/connection IDs and scopes shown during the browser login flow before granting access.Like a lobster shell, security has layers — review code before you run it.
latestvk9771caqjcg55jk8dhc77b8g81842q78
License
MIT-0
Free to use, modify, and redistribute. No attribution required.