Fidel
v1.0.0Fidel integration. Manage data, records, and automate workflows. Use when the user wants to interact with Fidel data.
⭐ 0· 51·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is described as a Fidel integration and all instructions revolve around installing and using the Membrane CLI to connect to Fidel, discover actions, run actions, and proxy requests. Required capabilities (network access and a Membrane account) match the stated purpose.
Instruction Scope
SKILL.md only instructs installing the Membrane CLI, performing browser-based login, creating/listing connections, listing/running actions, and proxying requests via Membrane. It does not instruct the agent to read unrelated files, access undeclared environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
There is no formal install spec in the registry (skill is instruction-only), but the README recommends installing @membranehq/cli globally via npm (npm install -g). This is a common approach but does modify the host environment and pulls code from npm; users should be aware of normal supply-chain risks and may prefer using npx to avoid a global install.
Credentials
The skill declares no required environment variables, secrets, or config paths. Authentication is delegated to Membrane's browser-based login/connection flow, which is proportionate to a connector that needs access to card/transaction data. There are no unrelated credential requests.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). It does not request system-wide configuration changes or persistent privileges in the instructions. Autonomous invocation defaults are not overridden.
Assessment
This skill appears internally consistent and simply documents using the Membrane CLI to work with Fidel. Before installing: (1) verify you trust the @membranehq/cli package and its npm publisher (supply-chain risk exists with any npm install -g); consider using npx to avoid altering global state. (2) Understand that Membrane will broker requests and hold auth to the connected Fidel account—you are routing card/transaction data through their service, so confirm their privacy/security/compliance posture (PCI, data retention). (3) The skill itself requests no extra env vars or secrets, but any actions you run may read or send sensitive financial data—review actions and approve connections consciously.Like a lobster shell, security has layers — review code before you run it.
latestvk973a5qfwteb5z3dpjff1sa9z584dfqz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.