ClawHub

Ygy

v1.0.0

Y.gy integration. Manage data, records, and automate workflows. Use when the user wants to interact with Y.gy data.

0· 31·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Y.gy integration) matches the instructions: all runtime actions use the Membrane CLI to discover connectors, create connections, run actions, and proxy requests to Y.gy. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md only instructs installing/using the @membranehq CLI, running membrane commands, and performing browser-based authentication or headless login-complete flows. It does not ask the agent to read arbitrary files, environment variables, or system secrets, nor to send data to endpoints outside of Membrane/Y.gy.
Install Mechanism
The skill is instruction-only (no install spec) but tells users to run npm install -g @membranehq/cli or use npx. This is coherent and expected, but global npm installs can run package lifecycle scripts — a moderate operational risk typical of installing third-party CLIs. Using npx, a contained environment, or inspecting the package on the registry reduces that risk.
Credentials
The skill declares no required environment variables or credentials and explicitly tells users not to supply API keys, instead to create a Membrane connection that handles auth. Requested access is proportional to the stated purpose.
Persistence & Privilege
The skill is not forced-always, is user-invocable, and permits autonomous invocation (the platform default). It does not request persistent agent-level privileges or attempt to modify other skills or system-wide settings.
Assessment
This skill appears to be what it claims: a set of instructions to use the Membrane CLI to interact with Y.gy. Before installing or running the CLI, verify the @membranehq/cli package on the npm registry and the Membrane project (homepage/repo) so you trust the maintainer. Prefer npx or a container/virtual environment instead of a global npm install to reduce risk from package install scripts. Be aware that authentication happens via your Membrane account/browser flow — don't paste API keys into unrelated places, and confirm Membrane's privacy/security documentation if you'll proxy sensitive data through their service.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ehe7p75dtnmsjvqnccbkv1n8475r3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments