Booqable
v1.0.2Booqable integration. Manage data, records, and automate workflows. Use when the user wants to interact with Booqable data.
⭐ 0· 118·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (Booqable integration) match the instructions: all actions are performed via Membrane and target Booqable resources. No unrelated services, binaries, or env vars are requested.
Instruction Scope
SKILL.md tells the agent to install and use the Membrane CLI, run membrane login/connect/action/run/request commands, and to use Membrane as a proxy to the Booqable API. It does not instruct reading local secrets or unrelated system files. The proxy behavior means data flows through Membrane (documented in the instructions).
Install Mechanism
There is no formal install spec in the registry, but the README instructs users to run `npm install -g @membranehq/cli`. Global npm installs execute third‑party code on the host and are a moderate supply-chain risk; the instruction lacks checksums or pinned versions. This is expected for a CLI-based integration but worth caution.
Credentials
The skill declares no required env vars or credentials. Authentication is delegated to Membrane via browser-based login/connector flows. The requested scope (granting Membrane access to Booqable on the user's behalf) is proportional to the stated purpose, but is a privacy/trust decision for the user.
Persistence & Privilege
Registry flags show no always:true and the skill is instruction-only. The only persistence comes from installing the Membrane CLI and its local auth state (normal for CLIs). The skill does not request to modify other skills or system-wide agent settings.
Assessment
This skill appears coherent: it uses Membrane to access Booqable and does not ask for unrelated secrets. Before installing, consider: 1) The instructions require installing a global npm package (@membranehq/cli) — verify the package name, publisher, and review npm metadata and versions; prefer installing in a controlled environment (container, VM, or non-shared account) if you're cautious. 2) The integration delegates auth to Membrane — review what permissions the browser consent flow asks for and Membrane's privacy/security docs (token storage, data handling). 3) If you have organizational policies about third-party CLIs or global npm installs, follow them. 4) For headless or automated environments, understand where the CLI stores credentials locally and rotate tokens if needed.Like a lobster shell, security has layers — review code before you run it.
latestvk97cpmfr6dbyfc31dc6n8pbrxd8435yc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.