Gitpod
v1.0.0Gitpod integration. Manage data, records, and automate workflows. Use when the user wants to interact with Gitpod data.
⭐ 0· 26·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Gitpod integration) match the instructions (use Membrane CLI to create connections, list actions, run actions, and proxy requests). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are scoped to installing and using the Membrane CLI and its commands (connect, action list/run, request). One notable capability: 'membrane request' allows arbitrary proxied requests to the Gitpod API, which is expected for an integration but gives broad power to interact with any API endpoints the Gitpod connection permits. The SKILL.md otherwise avoids asking for unrelated files, env vars, or secrets.
Install Mechanism
This is an instruction-only skill (no install spec). It recommends installing @membranehq/cli via npm -g or using npx. That is a standard approach but carries normal risks: global npm installs may require elevated privileges and introduce supply-chain risk from the npm package. The skill itself does not silently download or execute arbitrary remote code.
Credentials
No environment variables, credentials, or config paths are declared or required by the skill; authentication is performed via Membrane's browser-based flow. Requesting no local secrets is proportional to the stated purpose.
Persistence & Privilege
The skill does not request always:true or any elevated platform privilege. It's user-invocable and can be invoked autonomously per platform defaults; it does not modify other skills or system-wide settings.
Assessment
This skill is coherent: it tells the agent to install and use the Membrane CLI to manage Gitpod via a Membrane-hosted connection. Before installing, consider: 1) Trust and review Membrane (@membranehq) — read their privacy/security docs to understand how connections/credentials are stored and who can access proxied requests. 2) Verify the npm package (publisher, download counts, repository) before running npm -g, or prefer npx to avoid a global install. 3) Be aware that 'membrane request' can issue arbitrary API calls under the authenticated Gitpod connection—limit scopes and avoid granting access to high-privilege accounts unless you trust the integration. 4) If you need stricter control, test in an isolated account or environment first and confirm which Gitpod scopes the connector requests.Like a lobster shell, security has layers — review code before you run it.
latestvk971z0a0pjr9r40pb04mex43md847gt4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.