Apiflash
v1.0.2ApiFlash integration. Manage Organizations, Pipelines, Projects, Users, Filters. Use when the user wants to interact with ApiFlash data.
⭐ 0· 230·1 current·1 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill declares an ApiFlash integration and all runtime instructions revolve around discovering connectors/actions and proxying requests via the Membrane CLI. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are focused on using the Membrane CLI (login, connect, action run, request). They implicitly send API requests and credentials through Membrane's service (proxy/connector) — this is coherent with the stated design but means data and auth are handled by a third party rather than locally.
Install Mechanism
There is no formal install spec in the registry metadata, but SKILL.md instructs installing @membranehq/cli via `npm install -g`. Requiring a global npm package is reasonable for a CLI-driven skill but introduces supply-chain/trust considerations (third-party package, global install privileges, no pinned version/hash).
Credentials
The skill requests no environment variables, files, or local secrets. It explicitly instructs not to ask users for API keys and to rely on Membrane-managed connections, which aligns with its stated purpose.
Persistence & Privilege
Skill is instruction-only, has no always:true flag, and does not request persistent system modifications or access to other skills' configs. Normal autonomous invocation settings are unchanged.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to connect to ApiFlash and run actions. Before installing/using it, consider: (1) you'll need to install a third‑party global npm package (@membranehq/cli) — verify the package name, version, and publisher on npm and prefer a non-root install if possible; (2) Membrane will proxy your requests and manage ApiFlash credentials server-side, so review Membrane's privacy/security policy and trustworthiness if you don't want request payloads or API access routed through another service; (3) in sensitive environments, test the CLI in a sandbox or inspect its source (https://github.com/membranedev/application-skills and the @membranehq/cli repo) before use; (4) no local secrets are requested by the skill itself, but be mindful of the data you send through the proxy. If any of these points are unacceptable, do not install or use the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97585xq3ew7ry6nhxc5c483ts842qp5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.