Cnvrgio
v1.0.0Cnvrg.io integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cnvrg.io data.
⭐ 0· 54·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (Cnvrg.io integration) match the instructions: all runtime steps show using Membrane to discover connectors, create connections, run actions, and proxy API requests to Cnvrg.io. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
SKILL.md instructs installing and using the Membrane CLI, logging in via browser, creating connections, running actions, and using Membrane's proxy to send arbitrary API requests to Cnvrg.io. This is within the skill's purpose, but proxying means data and API calls will flow through Membrane's service — that is expected but important to be aware of.
Install Mechanism
No install spec in registry (instruction-only), but SKILL.md tells the user to run `npm install -g @membranehq/cli`. Installing a global npm package executes third-party code; this is a standard approach but carries the usual supply-chain/execution risk — verify package provenance and prefer npx or an audit if you are cautious.
Credentials
The skill requires no environment variables, secrets, or config paths in the registry metadata. The instructions explicitly say not to ask users for API keys and rely on Membrane-managed connections, which is proportionate to the stated functionality.
Persistence & Privilege
Skill is instruction-only, does not request always:true, does not modify other skills or system-wide settings, and has normal autonomous invocation settings. No elevated persistence or privileges are requested.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to integrate with Cnvrg.io and does not ask for unrelated secrets. Before installing, verify the @membranehq/cli package on the npm registry (publisher, download counts, repo, recent commits), review Membrane's privacy/security docs (how they handle proxied data and credentials), and consider running the CLI via npx (or in an isolated/sandbox environment) rather than installing globally. If you are in a sensitive environment, confirm which Cnvrg.io resources the connector will access and whether routing requests through Membrane is acceptable for your data policies.Like a lobster shell, security has layers — review code before you run it.
latestvk97fdvja0raq3y3x0pfzaq1p2n849tx0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.