Goody
v1.0.2Goody integration. Manage Organizations, Pipelines, Projects, Users, Goals, Filters. Use when the user wants to interact with Goody data.
⭐ 0· 133·1 current·1 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Goody integration) align with the instructions which exclusively describe using the Membrane CLI to manage Goody data. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md limits runtime actions to installing and running the Membrane CLI (login, search/connect, action run, proxy requests). It does not instruct the agent to read arbitrary local files, other env vars, or exfiltrate data. Note: the documented `membrane request` command can proxy arbitrary API requests to Goody (expected for this integration) — misuse could send arbitrary data to external endpoints, but that's coherent with the skill's purpose.
Install Mechanism
The skill is instruction-only (no platform install spec) but tells users to run `npm install -g @membranehq/cli`. Installing a global npm package pulls code from the public npm registry (moderate risk compared to no install). This is proportionate to the skill but users should be aware they are installing third-party CLI code.
Credentials
No environment variables, secrets, or config paths are requested by the skill. The instructions require a Membrane account (handled via browser auth) rather than asking for API keys, which is proportionate to the described functionality.
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges, nor does it instruct changes to other skills or system-wide agent settings. It relies on the user-installed Membrane CLI for functionality.
Assessment
This skill is instruction-only and legitimate for interacting with Goody via the Membrane platform. Before proceeding: (1) understand you'll be asked to install a global npm package (@membranehq/cli) — that executes code from the npm registry, so verify the package and its publisher; (2) you will authenticate via a browser-based Membrane login (no API keys requested locally); (3) the CLI can proxy arbitrary requests to Goody — ensure you trust Membrane and do not use it to send sensitive unrelated data; (4) confirm the homepage/repository (getmembrane.com and the referenced GitHub repo) look legitimate. If any of those checks fail or you prefer not to install a global CLI, do not enable the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97bnxc6xerhbcad5wcxfq4ma5842fdk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.