Userlist
v1.0.0Userlist integration. Manage data, records, and automate workflows. Use when the user wants to interact with Userlist data.
⭐ 0· 59·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with Userlist and its SKILL.md consistently uses Membrane to proxy Userlist operations. However, the registry metadata lists no required binaries while the instructions explicitly tell the user to install the @membranehq/cli npm package (or use npx). This is a minor mismatch between declared requirements and the runtime guidance.
Instruction Scope
SKILL.md instructs only to install and use the Membrane CLI, authenticate via browser, discover and run actions, or proxy direct API requests through Membrane. It does not direct the agent to read unrelated files, access unrelated env vars, or send data to endpoints outside Membrane/Userlist.
Install Mechanism
There is no formal install spec (instruction-only), which is lowest-risk. The doc recommends installing a public npm package (@membranehq/cli) or using npx; that is a common pattern but carries the usual moderate risk of installing third-party npm code—verify the package identity and source before installing globally.
Credentials
The skill declares no required environment variables or credentials. Authentication is driven through Membrane's browser-based login flow as described, so there is no unexplained request for unrelated secrets.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent system privileges or modify other skills; there is no evidence it would gain elevated presence beyond normal CLI usage.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to let you manage Userlist via Membrane's proxy. Before installing or running commands: (1) verify the @membranehq/cli package and publisher on npm (or prefer npx to avoid a global install), (2) confirm you trust getmembrane.com / Membrane's privacy and security posture because the CLI will communicate with their service and hold connection metadata, (3) be aware the CLI may store local connection state/config files and that the browser login flow delegates authentication to Membrane, and (4) review the specific Membrane actions/requests you plan to run so you don't inadvertently send sensitive local data to the proxy. The minor inconsistency to note: the skill metadata lists no required binaries even though the runtime instructions require the Membrane CLI—this is likely oversight but worth being aware of.Like a lobster shell, security has layers — review code before you run it.
latestvk97162kgf3c7dew9dv76nr1v1d849qsg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.