Spydra
v1.0.2Spydra integration. Manage Organizations, Pipelines, Users, Goals, Filters. Use when the user wants to interact with Spydra data.
⭐ 0· 88·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Spydra integration) match the SKILL.md: it tells the agent to use the Membrane CLI to discover connectors, create connections, run prebuilt actions, or proxy raw API requests to Spydra. There are no unrelated credential or binary requests.
Instruction Scope
Instructions are specific and scoped to installing and using the Membrane CLI and its commands (login, connect, action list/run, request). The skill does not instruct reading arbitrary local files or other unrelated environment variables. It does enable sending arbitrary proxied requests to the service (expected for this kind of integration).
Install Mechanism
No install spec in the package manifest, but the SKILL.md recommends installing @membranehq/cli globally via npm (npm install -g). Using a third‑party npm package is a common choice but introduces moderate risk because it downloads and executes code on the host. Consider using npx or verifying the package/source before a global install.
Credentials
The skill requests no environment variables or unrelated credentials and explicitly instructs not to ask users for API keys, instead relying on Membrane-managed connections. This is proportionate to a connector integration.
Persistence & Privilege
always is false and there is no install script or code that requests persistent system-wide changes. The only persistence is the standard Membrane CLI login flow (browser auth and stored credentials), which is expected for this use case.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to connect to Spydra and run actions or proxied API calls. Before installing or using it: (1) verify the @membranehq/cli npm package and its repository/maintainer (prefer npx to avoid a global install), (2) understand that Membrane will hold your connection credentials and the CLI can proxy arbitrary requests to Spydra — limit agent autonomy if you don't want unattended access to that data, (3) review the Membrane docs/repo and your organization’s policy on installing third‑party CLIs, and (4) in headless or shared environments, avoid pasting auth codes into unknown prompts. If you want higher assurance, ask the skill author for a vetted install method or a signed release URL.Like a lobster shell, security has layers — review code before you run it.
latestvk97bc4hebgca6w8jszeacaa011843jzk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.