Flexitime
v1.0.0Flexitime integration. Manage data, records, and automate workflows. Use when the user wants to interact with Flexitime data.
⭐ 0· 57·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Flexitime integration) matches the runtime instructions: all actions use the Membrane CLI or its proxy to interact with Flexitime APIs. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, creating connections, listing/ running actions, and proxying requests to Flexitime. It does not ask the agent to read arbitrary local files or unrelated credentials. Note: it expects network access and browser-based auth flows (or headless flow), and it suggests using npx for ad‑hoc commands which executes remote package code at runtime.
Install Mechanism
There is no formal install spec, but the instructions recommend installing @membranehq/cli via npm (global) and using npx. Installing/running a package from npm is a typical way to get a CLI but brings the usual risks of running third‑party registry code—verify the package and source (homepage/GitHub) before installing in sensitive environments.
Credentials
The skill requires no local environment variables or secrets and explicitly instructs not to ask users for API keys. It relies on Membrane to store/refresh credentials server-side, which is proportionate to the described purpose (connecting to Flexitime).
Persistence & Privilege
The skill does not request always:true and has no install-time persistence or system-wide changes. Autonomous invocation is allowed (platform default) but not combined with additional elevated privileges here.
Assessment
Before installing or running this skill: (1) Confirm you trust Membrane (@membranehq/cli) by checking the package on npm and the linked GitHub/getmembrane.com pages. (2) Prefer running in a sandbox or non‑privileged environment if you must install the CLI (npm -g and npx execute third‑party code). (3) Be aware that Membrane will handle and store connector credentials server‑side—ensure this complies with your data/privacy policies. (4) If you cannot or will not install third‑party CLIs, implement equivalent calls via verified APIs or review the CLI source before use. The skill itself appears coherent with its stated purpose, but verify the external tool before trusting it with sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk97cra5qn1zhtqcessnjfyvg058488jc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.