Storyblok
v1.0.2Storyblok integration. Manage Stories, Spaces. Use when the user wants to interact with Storyblok data.
⭐ 0· 125·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Storyblok integration) aligns with the SKILL.md: it instructs the agent to use the Membrane CLI to list/create connections, run actions, and proxy requests to Storyblok. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md limits runtime activity to using the Membrane CLI (login, connect, action list/run, proxy). It does not instruct the agent to read arbitrary local files, environment variables, or send data to endpoints outside Membrane/Storyblok. Headless auth flow and CLI usage are documented and scoped to connection/auth setup.
Install Mechanism
This is an instruction-only skill (no install spec). The doc advises installing @membranehq/cli via npm (global install). Installing a global npm package is a standard but non-trivial step (downloads code from the npm registry); it's expected for using the CLI but is performed by the user rather than enforced by the skill.
Credentials
The skill declares no required env vars or credentials. It relies on a Membrane account and browser-based OAuth flows for Storyblok; that is proportional to the task. The SKILL.md explicitly advises not to ask users for API keys, which matches the stated architecture.
Persistence & Privilege
always:false (no forced inclusion). The skill does not request persistent system / cross-skill configuration or elevated privileges. Allowing autonomous invocation is the platform default and is not flagged by itself.
Assessment
This skill appears coherent: it uses Membrane as a proxy and the Membrane CLI to interact with Storyblok. Before installing/using: (1) verify the npm package @membranehq/cli and the maintainer are trusted (check npm and GitHub pages), (2) be aware npm -g installs run code on your machine—install in an environment you control or use a container if uncertain, (3) when authorizing Storyblok in the browser, review the scopes the connector requests and revoke access if needed, (4) confirm you trust Membrane (privacy, credential handling) since it will mediate access to your Storyblok data. The skill itself does not request unrelated secrets or read local files.Like a lobster shell, security has layers — review code before you run it.
latestvk97c5vtxpgkp536e0e9rfern2n84283z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.