Emailable
v1.0.2Emailable integration. Manage Persons, Organizations. Use when the user wants to interact with Emailable data.
⭐ 0· 102·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description map to the provided instructions: the SKILL.md exclusively documents using the Membrane CLI to access Emailable (actions, requests, connections). There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
Runtime instructions are limited to installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to Emailable via Membrane. The document explicitly advises against asking users for API keys. It does not instruct reading unrelated files or environment variables.
Install Mechanism
Install instructions call for npm install -g @membranehq/cli (a public npm package). This is an expected mechanism for a CLI-based integration, but global npm installs write files to the system and execute third-party code — users should verify the package and publisher before installing.
Credentials
The skill declares no required env vars or credentials. It requires a Membrane account (documented) and uses browser-based auth handled by Membrane, which is proportional to the stated purpose.
Persistence & Privilege
The skill is instruction-only, has no install-time hooks, does not request always:true, and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) and is not combined with other concerning privileges.
Assessment
This skill appears coherent: it uses the Membrane CLI to reach Emailable and asks for no unrelated secrets. Before installing or running it: 1) verify you trust the @membranehq package and its publisher (review the package on npm and the CLI repo), 2) confirm the homepage/repository URLs and examine Membrane's privacy/permissions because it proxies requests and manages credentials server-side, 3) be aware that npm install -g will write a global binary (you may prefer a scoped or versioned install), and 4) avoid running CLI binaries from untrusted sources. If you need stronger assurance, ask the publisher for the exact CLI package checksum or a signed release to validate the installer.Like a lobster shell, security has layers — review code before you run it.
latestvk97be66ws0pspexsntmvhv2jrx843f0q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.