3Scribe
v1.0.23Scribe integration. Manage data, records, and automate workflows. Use when the user wants to interact with 3Scribe data.
⭐ 0· 96·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (3Scribe integration) align with the instructions: all actions use the Membrane CLI to manage 3Scribe connections, list actions, run actions, and proxy API requests. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md confines runtime behavior to installing and using the Membrane CLI, creating/listing connections, running actions, and proxying requests to 3Scribe. It does not instruct reading arbitrary files, harvesting unrelated environment variables, or transmitting data to unexpected endpoints beyond Membrane/3Scribe.
Install Mechanism
The registry contains no install spec (instruction-only), which is low risk. The SKILL.md instructs the user to run `npm install -g @membranehq/cli` — installing a third‑party global npm package has normal supply-chain risk. This is expected for a CLI-driven integration but the user should verify the package source/version before installing.
Credentials
No environment variables, credentials, or config paths are required by the skill. The doc explicitly advises against asking users for API keys and relies on Membrane to manage auth, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only, does not include code that would persist on the agent, and "always" is false. It requires network access and a Membrane account for normal operation; autonomous invocation is allowed by default but not combined with other concerning privileges.
Assessment
This skill is coherent for integrating with 3Scribe via Membrane. Before installing or using it: (1) verify the @membranehq/cli package and the getmembrane project (check npm and the GitHub repo) to ensure you trust the publisher; (2) be aware the workflow requires network access and a Membrane account — Membrane will broker auth and API calls, so review their privacy/security posture if you will pass sensitive content; (3) prefer installing CLI tools in a controlled environment (container or non‑global install) if you want to limit supply‑chain exposure; and (4) if you are uncomfortable with autonomous agent invocation making proxied API requests, consider restricting the skill or requiring explicit user confirmation before actions that send data to external services.Like a lobster shell, security has layers — review code before you run it.
latestvk978bvptkq4dv4s552j91sk2en843pbn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.