10Duke
v1.0.010Duke integration. Manage data, records, and automate workflows. Use when the user wants to interact with 10Duke data.
⭐ 0· 53·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (10Duke integration) matches the instructions: installing and using the Membrane CLI to interact with 10Duke. Required capabilities (network + Membrane account) are coherent with the stated purpose.
Instruction Scope
SKILL.md limits runtime actions to installing/using the Membrane CLI, creating/listing connections, running predefined actions, and optionally proxying raw API requests through Membrane. It does not instruct reading unrelated files, environment variables, or system configuration.
Install Mechanism
There is no registry install spec (skill is instruction-only). The guide asks users to run `npm install -g @membranehq/cli`, which downloads code from the npm registry — expected for a CLI but carries the usual supply-chain considerations (verify package source/version) since the skill itself does not perform the install.
Credentials
The skill declares no environment variables or credentials and explicitly relies on Membrane to manage auth. This is proportionate; however, using the flow will cause credentials/data access to be handled by Membrane's service, so trusting that third party is required.
Persistence & Privilege
The skill is user-invocable and not marked 'always'. It does not request persistent system-wide changes or access to other skills' configs. Autonomous invocation is allowed by default but not combined with other risky factors here.
Assessment
This skill is internally consistent and simply instructs you to install and use the Membrane CLI to access 10Duke. Before you proceed: (1) verify the npm package @membranehq/cli is the official package and the version you intend to install (npm.org, GitHub repo, checksums if available); (2) understand that authentication and proxied API requests go through Membrane's service — you are implicitly trusting Membrane with credentials and request payloads; (3) avoid installing global packages on sensitive/production systems without review; and (4) if you need offline or fully self-hosted access, confirm whether Membrane supports that mode. If you want, I can fetch the Membrane CLI repo URL and inspect the package metadata or provide checklist items to verify package integrity.Like a lobster shell, security has layers — review code before you run it.
latestvk978t58tm2k74ft2x5cc6n5rd984bv7r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.