Aikido Security
v1.0.0Aikido Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Aikido Security data.
⭐ 0· 91·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description describe an Aikido Security integration and the SKILL.md consistently instructs the agent to use the Membrane CLI and Membrane connectors to interact with Aikido Security. The actions described (connectors, action listing, proxy requests) match the stated purpose.
Instruction Scope
The SKILL.md stays within the integration scope (using the Membrane CLI to discover and run connector actions and to proxy API calls). It recommends installing the Membrane CLI and running commands that open a browser for auth or use a headless flow — these are expected for this integration. Minor note: the skill references installing and running an npm-installed CLI but the skill metadata did not declare 'npm' or a required binary; this is an implementation instruction rather than a hidden credential/access request.
Install Mechanism
There is no formal install spec in the registry (lowest-risk layout), but the SKILL.md tells the user to run 'npm install -g @membranehq/cli'. Installing from the public npm registry is a standard mechanism for this CLI and is proportional to the task; however it does mean local installation of a third-party CLI is required and users should validate the package/source before global installation.
Credentials
The skill declares no required env vars or credentials and explicitly instructs not to ask users for API keys, instead relying on Membrane-managed connections and browser-based auth. That is proportionate to the purpose. The user will need a Membrane account and to grant access via the login flow.
Persistence & Privilege
The skill is instruction-only, has no install-time persistence, and does not request 'always: true' or other elevated privileges. Autonomous invocation remains allowed (platform default) but nothing in the skill requests elevated or persistent system privileges.
Assessment
This skill is coherent: it delegates auth to the Membrane CLI and uses connector actions or a proxy to call Aikido Security APIs. Before installing or running it: (1) verify the Membrane project and @membranehq/cli package (source, maintainer, and permissions) and prefer installing in a contained environment rather than globally if you are unsure; (2) be prepared to authenticate via the browser/OAuth flow and review the scopes/permissions requested by Membrane; (3) avoid pasting raw API keys into chat — the skill explicitly advises against that; (4) test read-only actions first to confirm behavior; and (5) review Membrane's privacy/security documentation because Membrane will broker access to your Aikido Security data and will see proxied requests and responses.Like a lobster shell, security has layers — review code before you run it.
latestvk97d6rec2g3c6w1nbqypjz9swx84grhe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.