Wishpond
v1.0.0Wishpond integration. Manage data, records, and automate workflows. Use when the user wants to interact with Wishpond data.
⭐ 0· 63·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Wishpond integration) match the instructions: all commands target the Membrane CLI which proxies to Wishpond. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
SKILL.md sticks to installing and using the Membrane CLI, creating a connection to Wishpond, listing and running actions, and proxying API requests. It does not instruct the agent to read unrelated files, harvest environment variables, or exfiltrate data outside the expected Membrane/Wishpond flow. It does require network access and interactive browser-based authentication (or headless code flow).
Install Mechanism
The skill is instruction-only and has no built-in install spec, but it recommends installing @membranehq/cli globally via npm (npm install -g). Installing a third-party CLI from npm is a standard approach but carries the usual supply-chain considerations (verify package ownership, version, and integrity) and may require elevated permissions for global installs.
Credentials
The skill does not request local environment variables or secrets. However, it requires a Membrane account and relies on Membrane to manage Wishpond credentials and proxy requests — this means you must trust Membrane with API traffic and tokens even though the skill itself doesn't ask for credentials.
Persistence & Privilege
The skill is not always-on, is user-invocable, and does not request any special persistent privileges or attempt to modify other skills or system-wide settings.
Assessment
This skill is coherent: it tells you to install and use the Membrane CLI to connect to Wishpond rather than collecting API keys locally. Before installing, consider: (1) trust and privacy — Membrane will see the proxied requests and hold tokens, so review their privacy/security posture and terms; (2) npm install -g runs third-party code with elevated scope — verify the @membranehq/cli package on npm/GitHub and prefer an audited version; (3) global npm installs may require admin rights — consider using a local or containerized environment; (4) the auth flow opens a browser (or uses a headless code flow) so be prepared to complete auth interactively; (5) do not supply Wishpond API keys to the skill — follow its guidance to create a connection through Membrane. If you need higher assurance, ask for the exact npm package version, the package repository and checksum, and review Membrane's documentation and privacy policy before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk97f0ckpbjkzh01vxjxhnpjnj1844j70
License
MIT-0
Free to use, modify, and redistribute. No attribution required.