Vtex
v1.0.0VTEX integration. Manage data, records, and automate workflows. Use when the user wants to interact with VTEX data.
⭐ 0· 77·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (VTEX integration) match the instructions: all actions are performed via the Membrane CLI and the playbook focuses on connecting to VTEX, listing actions, running actions, and proxying requests. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
SKILL.md confines runtime behavior to installing/using the @membranehq/cli, performing browser-based login (or headless token completion), creating/listing connections, running actions, and proxying VTEX API requests. It does not instruct the agent to read unrelated local files or environment variables.
Install Mechanism
There is no platform install spec; the doc recommends npm install -g @membranehq/cli. Installing a global npm package is a normal distribution method but executes third-party code locally—users should verify the package and its provenance (package owner, npm registry page, GitHub repo).
Credentials
The skill itself requests no environment variables or local credentials. However, it delegates authentication and credential storage to the Membrane service/CLI (server-side credential management). That centralization is reasonable for this integration but requires trusting Membrane with VTEX credentials and API traffic.
Persistence & Privilege
The skill does not request persistent/always-on privileges (always:false). It does not require modifying other skills or system-wide settings. Autonomous invocation is allowed by default (platform behavior) but not combined with other concerning privileges.
Assessment
This skill appears coherent: it uses the Membrane CLI to talk to VTEX and does not itself ask for local secrets. Before installing and using it: (1) verify the @membranehq/cli npm package and its GitHub repo (authorship, recent activity, and npm page) to ensure you trust the code you'll install globally; (2) understand that Membrane will store and proxy your VTEX credentials/requests—review Membrane's security/privacy and your org policy before delegating credentials to a third party; (3) prefer installing/testing the CLI in a controlled environment (container or VM) if you have security concerns about global npm installs; (4) be cautious with the 'membrane request' proxy which allows arbitrary API calls through Membrane and could expose data to their service. If you want more assurance, provide the exact npm package metadata or the Membrane repo URL for a deeper review.Like a lobster shell, security has layers — review code before you run it.
latestvk972g57cyjaw2cvfwpafth7vhs845m8m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.