Asavie
v1.0.0Asavie integration. Manage data, records, and automate workflows. Use when the user wants to interact with Asavie data.
⭐ 0· 27·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with Asavie and instructs the agent to use the Membrane CLI and a Membrane account to proxy requests to Asavie. Requiring the Membrane CLI and a Membrane account is coherent with that purpose; no unrelated credentials, binaries, or system paths are requested.
Instruction Scope
SKILL.md only instructs the agent to install and run the Membrane CLI, create/list connections, run actions, and optionally proxy raw API requests through Membrane. The instructions do not direct the agent to read arbitrary host files, harvest credentials, or post data to unexpected endpoints. They do instruct browser-based login or headless completion codes, which is expected for OAuth-style flows.
Install Mechanism
Installation is via npm global: `npm install -g @membranehq/cli`. This is a standard mechanism for a CLI but carries typical supply-chain and privilege considerations (global npm install writes to system locations). No downloads from unknown URLs or extract operations are requested.
Credentials
The skill declares no required env vars or local credentials and relies on Membrane to manage auth. That is proportionate: it does not request unrelated secrets or system config paths.
Persistence & Privilege
The skill is instruction-only, has no install-time persistent components, and does not request always:true or other elevated presence. Default autonomous invocation is allowed (platform default) and is not, by itself, a concern here.
Assessment
This skill appears internally consistent, but before installing run these checks: 1) Verify you trust Membrane (@membranehq) because the CLI and Membrane service will broker access to your Asavie data and will see proxied requests; 2) Inspect the referenced repository and the npm package page for @membranehq/cli (review authors, recent releases, and install counts) to reduce supply-chain risk; 3) Prefer installing the CLI in a controlled environment (container, VM, or per-user install) rather than system-wide if you are cautious about global npm installs; 4) Be aware that authentication uses browser-based login and Membrane-managed credentials — don’t paste secrets into chat; 5) If you need higher assurance, ask the skill author for a signed provenance or use an audited/enterprise-approved connector instead. Overall the skill is coherent with its stated purpose, but trust in the Membrane service and the npm package is the primary external risk to evaluate before use.Like a lobster shell, security has layers — review code before you run it.
latestvk972qrcnf59j7dmyf0m1racq2n847w06
License
MIT-0
Free to use, modify, and redistribute. No attribution required.