Gift Up
v1.0.2Gift Up! integration. Manage Products, Customers, Orders, Discounts. Use when the user wants to interact with Gift Up! data.
⭐ 0· 96·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Gift Up! integration) matches the SKILL.md: all actions are performed via Membrane's connector for Gift Up!. There are no unrelated env vars, binaries, or permissions requested.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, logging in via browser, listing/connecting connectors, running actions, and proxying requests to the Gift Up! API via Membrane. The skill does not instruct reading local files or unrelated environment variables. Note: Membrane acts as a proxy/credential broker — requests will be sent through Membrane and Membrane will hold the API credentials.
Install Mechanism
No install spec in the bundle itself, but the SKILL.md recommends `npm install -g @membranehq/cli`. This is a public npm package (moderate risk). A global npm install runs code on the host during installation and requires elevated write access to npm global directories; this is expected for a CLI but should be vetted before use.
Credentials
The skill declares no required environment variables or credentials. Authentication is delegated to Membrane (browser login/connection flow). This is proportionate, though it means the Membrane account will hold access to Gift Up! resources.
Persistence & Privilege
always is false and there are no instructions to modify other skills or system-wide agent settings. The skill does not request persistent presence beyond normal use of the CLI.
Assessment
This skill is instruction-only and coherent: it uses the Membrane CLI to access Gift Up!. Before installing or using it: (1) Verify the @membranehq/cli package on npm and its GitHub repo to ensure you trust the publisher; (2) consider using a local or npx invocation instead of a global `-g` install if you want to avoid global package writes; (3) be aware that your Membrane account will hold API credentials and can access connected services — use least-privilege or a dedicated account if possible; (4) test CLI operations in a sandbox environment first and review CLI output for unexpected behavior; (5) if you are uncomfortable delegating credentials to a third party, interact with the Gift Up! API directly or with your own tooling instead.Like a lobster shell, security has layers — review code before you run it.
latestvk97cvctds1wk2njr2cdaes4g05842bsr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.