Sparkpost
v1.0.2SparkPost integration. Manage Campaigns, Templates. Use when the user wants to interact with SparkPost data.
⭐ 0· 140·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the instructions: the SKILL.md instructs the agent to use the Membrane CLI to manage SparkPost resources. No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, logging in, creating connections, listing/running actions, and proxying requests to SparkPost. The doc explicitly advises against asking users for API keys and does not instruct reading unrelated files or environment variables.
Install Mechanism
The registry has no install spec, but SKILL.md directs users to install @membranehq/cli via npm -g or to use npx. Global npm installs have moderate risk if you don't trust the publisher; using npx (one-off) reduces persistence. This is proportionate to the stated design but worth verifying the package source before installing.
Credentials
The skill requests no environment variables or credentials. It relies on Membrane to manage SparkPost credentials server-side, which is consistent with the guidance in the SKILL.md.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request elevated system presence or modify other skills. Default autonomous invocation is allowed (platform default) and is not by itself concerning here.
Assessment
This skill appears coherent, but take these precautions before installing/using it: 1) Verify you trust the @membranehq/cli npm package and its publisher (review the package page and GitHub repo) — prefer using npx for one-off runs if you don't want a global install. 2) Understand that Membrane will broker your SparkPost credentials server-side — review Membrane's privacy/security docs and ensure you’re comfortable granting it that access. 3) Use least-privilege SparkPost connections (create a limited API user) if possible. 4) Avoid pasting API keys or secrets into free-text prompts; follow the connection flow in the CLI. 5) If you are concerned about autonomous agent actions, restrict when the agent can call this skill or audit its invocations.Like a lobster shell, security has layers — review code before you run it.
latestvk974jjzapdfaenwb7kgtktw1kd842qg2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.