Codereadr
v1.0.2
CodeREADr integration. Manage data, records, and automate workflows. Use when the user wants to interact with CodeREADr data.
by Membrane Dev (@membranedev)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md instructs using the Membrane CLI to manage CodeREADr resources. Nothing in the instructions asks for unrelated services or credentials.
Instruction Scope
All runtime instructions are CLI commands for the @membranehq/cli (login, connect, action list, etc.). This stays within the stated purpose, but the skill relies on interactive browser-based auth and the Membrane CLI to mediate access to CodeREADr. The doc includes destructive actions (delete-scans, delete-database) — callers should ensure confirmation before executing those.
Install Mechanism
No install spec in the registry (instruction-only), but the SKILL.md recommends installing a public npm package (@membranehq/cli) globally. Using a public npm CLI is expected for this integration; it is a moderate-risk install action (global npm installs affect system tooling) but not a red flag by itself.
Credentials
The skill declares no required environment variables or secrets. Authentication is delegated to the Membrane CLI/browser flow, which is consistent with the skill's purpose. There are no requests for unrelated credentials or config paths.
Persistence & Privilege
always is false and the skill is user-invocable. Autonomous model invocation is enabled by default (normal). The skill does not request persistent elevated privileges or modify other skills' configs.
Assessment
This appears coherent, but take the following precautions before installing or using it:
1) Verify and trust the Membrane project and the @membranehq/cli package (review its npm page and source repository) because the CLI will act as a proxy for API calls and will store auth state locally.
2) Installing with npm -g modifies global packages; prefer using a controlled environment (container/VM) if you’re cautious.
3) The skill’s instructions include destructive commands (delete-*). Confirm any delete operations with the user and validate connection/action IDs before running.
4) If you need stricter control, restrict autonomous invocation for this skill in your agent or require manual approval for actions that modify or delete data.
5) If you want higher assurance, ask the publisher for a link to the exact CLI source code/repository and verify the connector behavior and what data is sent through Membrane.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97ferq8rsm2escs8tcf4796w98420m2
