Faceup
v1.0.0FaceUp integration. Manage data, records, and automate workflows. Use when the user wants to interact with FaceUp data.
⭐ 0· 69·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name/description (FaceUp integration) matches the SKILL.md which instructs use of Membrane to connect to FaceUp. No unrelated services, env vars, or binaries are requested. (Minor note: the registry metadata lists no required binaries but the runtime instructions recommend installing the Membrane CLI — this is an expected, low-friction instruction-only detail.)
Instruction Scope
Instructions stay within the stated scope: they direct the operator to install and use the Membrane CLI to authenticate and run actions or proxied API requests against FaceUp. These commands will cause data/requests to go through Membrane's servers (expected for this design), so you must trust Membrane with proxied FaceUp data. The skill does not instruct reading arbitrary local files or unrelated environment variables.
Install Mechanism
There is no embedded install spec in the skill bundle (lowest static risk), but the SKILL.md recommends installing @membranehq/cli via npm (global install). npm is a standard package source, but global installs modify system state and should be verified (check package source and integrity) before proceeding.
Credentials
No environment variables, secrets, or config paths are requested by the skill. The SKILL.md explicitly instructs the use of Membrane for credential handling and advises not to ask users for API keys, which is proportionate to the integration purpose.
Persistence & Privilege
The skill does not request permanent presence (always: false) and is user-invocable. It does not attempt to modify other skills or system-wide agent configuration. Autonomous invocation is allowed by default but is not combined with other concerning privileges here.
Assessment
This skill appears to be what it says: a FaceUp integration that uses the Membrane CLI as a proxy. Before installing or following the SKILL.md: 1) Verify you trust Membrane/getmembrane.com and review their privacy/security docs because proxied requests and auth tokens will be handled by their service. 2) Inspect the @membranehq/cli package on npm or its GitHub repo before doing a global npm install; prefer installing in a controlled environment or using npx when possible. 3) When connecting, review the connection scopes and the actions returned by membrane action list to avoid unintentionally granting broad access. 4) If running in a headless or automated agent, ensure you understand how the login flow will be completed (browser-based vs. headless flow) and do not share unrelated local files or secrets during setup. If you want extra assurance, ask the skill author for an explicit list of API endpoints/actions that will be used and for links to the Membrane CLI source/release page.Like a lobster shell, security has layers — review code before you run it.
latestvk979852s2ctdmhsrph53jm5ts98449m3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.