Werkbonapp
v1.0.0WerkbonApp integration. Manage data, records, and automate workflows. Use when the user wants to interact with WerkbonApp data.
⭐ 0· 68·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe a WerkbonApp integration and all instructions consistently focus on using the Membrane CLI and Membrane-hosted connections to interact with WerkbonApp. There are no requests for unrelated credentials or system resources.
Instruction Scope
SKILL.md instructs installing and using the Membrane CLI, performing browser-based OAuth flows, listing connections/actions, running actions, and proxying API requests via Membrane. These actions are within scope for a connector/integration skill and the file explicitly warns not to ask users for API keys.
Install Mechanism
There is no embedded install spec in the registry (instruction-only), but the docs tell users to run `npm install -g @membranehq/cli` or use `npx`. Installing an npm package is normal for a CLI but runs third-party code on the machine — recommend reviewing the npm package and preferring `npx` or a pinned version to reduce risk.
Credentials
The skill declares network access and a Membrane account are required and requests no environment variables, credentials, or config paths. That is proportionate for a CLI-based connector that relies on Membrane to manage auth.
Persistence & Privilege
Skill does not request permanent/always-on privileges (always:false) and is user-invocable. It does not instruct modifying other skills or system-wide configuration. Normal autonomous invocation setting is unchanged.
Assessment
This appears coherent and not asking for unrelated secrets, but before installing: (1) confirm the npm package name (@membranehq/cli) and review its npm page/maintainers and GitHub repo to ensure it's the official CLI; (2) prefer `npx @membranehq/cli@latest` or install a pinned version instead of a global `-g` install if you want to avoid persistent binaries; (3) be mindful that the CLI opens a browser for OAuth and that Membrane will proxy requests and hold connections/tokens server-side — only proceed if you trust Membrane/your tenant; (4) if unsure, run commands in a sandboxed environment and inspect JSON outputs before piping or executing them.Like a lobster shell, security has layers — review code before you run it.
latestvk97dcfjdpxfxyagxg9t7tgyxsn844xvd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.