Zype
v1.0.0Zype integration. Manage data, records, and automate workflows. Use when the user wants to interact with Zype data.
⭐ 0· 53·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Zype integration) match the instructions: all actions are performed via the Membrane CLI and Membrane connections to Zype. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md only instructs using the Membrane CLI: install, login, create/inspect connections, list actions, run actions, or proxy requests to the Zype API via Membrane. It does not instruct reading arbitrary local files or pulling unrelated credentials. It does require interactive browser-based auth or a headless flow where the user completes a browser step.
Install Mechanism
The skill recommends installing @membranehq/cli globally via npm (npm install -g). This is expected to use the Membrane CLI but is a system-level npm install which has the usual moderate risk (global packages alter system PATH). The skill also suggests npx in examples, which is a lower-friction alternative.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The SKILL.md explicitly advises against asking users for API keys and says Membrane manages credentials server-side, which is proportional for a connector-based integration.
Persistence & Privilege
Skill is instruction-only, has no install spec in the registry, does not request always:true, and does not require writing to other skills' configs. It relies on the Membrane service for auth and proxying without asking for persistent local secrets.
Assessment
What to consider before installing: (1) This skill delegates all access to Zype through Membrane — requests and auth will go through Membrane's service, so review Membrane's privacy/security policies and trustworthiness. (2) The SKILL.md recommends installing a global npm package (@membranehq/cli); prefer using npx if you want to avoid a global install, and review the CLI's source on GitHub before installing. (3) You will be asked to authenticate via a browser or complete a headless code flow; be prepared to complete those steps and avoid pasting secrets into untrusted contexts. (4) The skill does not request or store local API keys, environment variables, or system configuration beyond using the Membrane CLI. If you need to restrict data flow, verify which requests will be proxied through Membrane when creating a connection.Like a lobster shell, security has layers — review code before you run it.
latestvk97bxphjvgqwzp6arxn4z07aax84c19y
License
MIT-0
Free to use, modify, and redistribute. No attribution required.