10To8
v1.0.210to8 integration. Manage data, records, and automate workflows. Use when the user wants to interact with 10to8 data.
⭐ 0· 67·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (10to8 integration) matches the runtime instructions: all actions are performed via the Membrane CLI which is a plausible integration layer for 10to8. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits actions to installing/using the Membrane CLI, creating connections, listing/running actions, and proxying requests to the 10to8 API. It does not instruct reading arbitrary local files or environment variables, nor does it direct data to unexpected endpoints beyond Membrane/10to8.
Install Mechanism
This is instruction-only (no automatic install), but it recommends running `npm install -g @membranehq/cli`. Installing a third-party global npm package is a user action — reasonable for this integration but the user should vet the package and its source before installing.
Credentials
The skill declares no required env vars or credentials and explicitly advises letting Membrane handle credentials. The level of access requested (browser-based OAuth via Membrane) is proportional to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent system privileges or attempt to modify other skills' configs. Autonomous invocation remains allowed (platform default) but is not combined with other red flags.
Assessment
This skill is coherent: it uses the Membrane CLI as a proxy to 10to8 and does not ask for local secrets. Before installing/using it, (1) verify the @membranehq/cli npm package and its GitHub repo are legitimate, (2) review the OAuth scopes and permissions when you connect your 10to8 account via Membrane (you are granting Membrane access to your 10to8 data), and (3) be cautious when using the proxy feature to send arbitrary API requests (these requests can retrieve or change sensitive data). If you prefer not to install a global npm package or to hand credentials to a third party, consider using 10to8's API directly with your own vetted tooling.Like a lobster shell, security has layers — review code before you run it.
latestvk97an3s02bqfhz0swn7tzs9rvd843ekc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.