Trengo
v1.0.0Trengo integration. Manage data, records, and automate workflows. Use when the user wants to interact with Trengo data.
⭐ 0· 28·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Trengo integration) match the instructions: the skill tells the agent to use the Membrane CLI to connect to Trengo, discover actions, run actions, and proxy requests. Network access and a Membrane account are declared and required, which is appropriate for this integration.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, performing OAuth-style login via browser, listing/connecting actions, and proxying requests. It does not instruct reading unrelated files, accessing unrelated env vars, or exfiltrating data to unexpected endpoints. The guidance to avoid asking users for API keys and to let Membrane manage credentials is consistent with the stated workflow.
Install Mechanism
The documented install is an npm global package (npm install -g @membranehq/cli). This is expected for a CLI but carries normal supply-chain risk (ensure the package scope/name and publisher are legitimate before installing and consider local or containerized installation on shared machines). There is no hidden download or archive extraction in the skill itself.
Credentials
The skill declares no required environment variables or local config paths. It requires a Membrane account and network access, which matches the documented OAuth/browser login flow and server-side credential management. No unrelated secrets are requested.
Persistence & Privilege
The skill is instruction-only, has no install spec written into the skill metadata, and does not request always:true or modify other skills or global agent settings. It runs only when invoked and does not demand elevated persistence.
Assessment
This skill appears to be what it claims: it uses the Membrane CLI to access Trengo. Before installing, verify the npm package and publisher (@membranehq/cli) on npmjs.com and the upstream GitHub repository to ensure authenticity. Prefer installing the CLI in a contained environment (user-level or container) rather than system-wide on shared machines. Be aware that Membrane will act as the proxy for API requests and store/refresh credentials server-side—review Membrane's privacy/security documentation and OAuth consent screens to understand what data will be accessible by that service. If you cannot trust Membrane or do not want a third party to broker credentials, do not install or use this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97c7h8v3gvap48shzffv90w518475w6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.