Belco Bv
v1.0.0Belco B.V. integration. Manage data, records, and automate workflows. Use when the user wants to interact with Belco B.V. data.
⭐ 0· 56·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Belco B.V. integration) matches the instructions (use the Membrane CLI to discover connectors, create connections, run actions, and proxy requests to the Belco API). Nothing requested is unrelated to that purpose.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, logging in, creating connections, listing actions, running actions, and proxying requests. This is appropriate for an integration skill, but the documented 'membrane request' and 'action run' commands allow arbitrary proxied API calls — so an agent with broad autonomy could send arbitrary data to Belco through Membrane. That capability is expected for a connector but is worth noting as a potential data-exfiltration vector if the agent is allowed to act without user approval.
Install Mechanism
The skill is instruction-only (no install spec). It tells the user to install @membranehq/cli via npm (or use npx). This is proportionate to the stated purpose, but installing a global npm package has the usual supply-chain considerations; using npx avoids a persistent global install.
Credentials
No environment variables, local config paths, or credentials are requested by the skill. The SKILL.md explicitly says Membrane manages auth server-side and instructs not to ask users for API keys, which is consistent and proportional.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide settings. Autonomous model invocation is allowed by default but is not combined with other high-risk requests here.
Assessment
This skill appears to be what it says: a how-to for using the Membrane CLI with a Belco connector. Before installing or following the instructions: (1) Verify you trust the Membrane project (getmembrane.com / @membranehq on npm). Prefer using npx to avoid a global npm install. (2) Be aware that the CLI can proxy arbitrary API requests to Belco (membrane request / action run) — do not allow the agent to send sensitive data without explicit review. (3) Use browser-based login flows as instructed so you don't expose credentials on the CLI. (4) If you plan to allow autonomous agent actions, restrict scope or require user confirmation for requests that send or retrieve sensitive data. If you want, I can list the exact CLI commands the agent would run and highlight which ones could transmit user data.Like a lobster shell, security has layers — review code before you run it.
latestvk9706eth8a4g7w0ccazjy37tw184e3pp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.