Conversion Tools
v1.0.2Conversion Tools integration. �����������������������������������������������������������������������. Use when the user wants to interact with Conversion To...
⭐ 0· 89·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name/description and instructions consistently describe a Membrane-based adapter for Conversion Tools. Minor metadata issues: the description contains strange null/garbled characters and the skill metadata did not declare the Membrane CLI as a required binary even though SKILL.md instructs installing it.
Instruction Scope
SKILL.md stays on-topic: it instructs installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to the Conversion Tools API. It does not direct the agent to read unrelated files, environment variables, or exfiltrate data outside expected endpoints.
Install Mechanism
No platform install spec is included (instruction-only). The documentation tells the user to run `npm install -g @membranehq/cli` — a public npm package install is a reasonable requirement but carries the usual supply-chain risk of executing third-party code; the skill itself does not include downloads from arbitrary URLs.
Credentials
The skill requests no environment variables or credentials in metadata and explicitly advises using Membrane to manage auth (browser-based login). That is proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes or permanent presence. Autonomous invocation is allowed (platform default) but not accompanied by broad privileges or secret access.
Assessment
This skill appears to be a straightforward Membrane connector for Conversion Tools. Before installing or following its instructions: 1) Verify you trust the Membrane project and the npm package @membranehq/cli (check package page, publisher, and repository signatures). Installing a global npm package runs third‑party code—do this only from trusted sources. 2) Confirm the homepage/repository URLs (getmembrane.com and the GitHub repo) match official Membrane channels. 3) Be aware the skill uses browser-based auth and proxies API calls through Membrane (which is intended), so you should not need to paste API keys into the skill; avoid entering credentials outside Membrane. 4) Note the SKILL.md contains garbled/truncated description text and the skill metadata did not list the CLI as a required binary — this looks like sloppy packaging but not necessarily malicious. If you need higher assurance, test in a sandbox environment or ask the publisher to correct the metadata and remove the garbled text.Like a lobster shell, security has layers — review code before you run it.
latestvk97e5jdp0dgb9h27zc6znmq4yn843af0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.