Bump
v1.0.0Bump integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bump data.
⭐ 0· 57·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name, description, and SKILL.md all describe a Membrane-based integration for interacting with Bump data. No unrelated credentials, binaries, or config paths are requested, so requested capabilities align with the stated purpose.
Instruction Scope
The SKILL.md tells the agent to install and use the Membrane CLI, run commands to list/connect actions, and proxy requests via Membrane. It does not instruct reading unrelated files, accessing unrelated environment variables, or exfiltrating data to unexpected endpoints. It explicitly advises against asking users for API keys.
Install Mechanism
Install instructions call for a global npm install of @membranehq/cli. This is expected for a CLI-driven integration, but global npm installs and running published CLIs introduce the usual supply-chain and installation risks (npm package integrity, global write access). The instruction-only nature means nothing is written by the skill itself, but the agent/user must perform the install.
Credentials
The skill declares no required environment variables, no primary credential, and the SKILL.md indicates Membrane handles auth server-side. There are no disproportionate credential requests.
Persistence & Privilege
The skill is not always-on and is user-invocable; it does not request to modify other skills or agent-wide settings. There are no indicators of elevated persistent privileges.
Assessment
This skill is an instructions-only integration that relies on the Membrane CLI. Before installing/using it: (1) confirm you trust the @membranehq/cli npm package and the Membrane service (review their homepage/repo and reputation), (2) be aware that doing the global npm install will write software to your system and requires network/browser-based login, and (3) follow the skill's guidance to avoid sharing API keys—the CLI manages auth. If you need a higher assurance, verify the CLI package source (GitHub repo and npm publisher) and review Membrane's privacy/security docs before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk9724ht3a14w0a8hzbk3ryh99d84bhhj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.