Greythr
v1.0.0GreytHR integration. Manage data, records, and automate workflows. Use when the user wants to interact with GreytHR data.
⭐ 0· 56·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (GreytHR integration) match the instructions: all runtime steps use the Membrane CLI to discover connectors, create connections, run actions, or proxy API requests. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
SKILL.md stays within scope: it instructs installing/running the Membrane CLI, performing browser-based login, creating connections, listing actions, running actions, and proxying requests. One important operational implication: traffic and HR data will flow through Membrane's service (the skill explicitly relies on Membrane as a proxy), so the instructions do transmit user data to that external service — this is expected for the stated design but worth the user's attention.
Install Mechanism
There is no formal install spec; the doc asks the user to run `npm install -g @membranehq/cli` (or use npx in examples). Installing a global npm CLI is a common pattern but carries the usual risks of third-party npm packages (postinstall scripts, supply-chain issues). The package appears to be from the Membrane org per the doc, but the skill bundle itself contains no code to review.
Credentials
The skill requests no environment variables or local secrets. Authentication is delegated to Membrane's browser-based flow (no API keys stored in the skill). This is proportionate, though it means account credentials and proxied HR data are handled by Membrane rather than locally.
Persistence & Privilege
No special persistence or elevated privileges are requested (always:false). The skill is instruction-only and does not modify other skills or system-wide settings. Autonomous invocation is enabled by default for skills but is not combined with other red flags here.
Assessment
This skill appears internally consistent: it tells you to use the Membrane CLI to access GreytHR and does not ask for unrelated credentials. Before installing/using it, confirm you trust Membrane as a proxy for your HR data (privacy/security policies), prefer running the CLI with npx if you want to avoid a global npm install, validate the @membranehq/cli package and its publisher on npm/GitHub, and be aware that using the skill will route HR data through Membrane's servers via their connector/proxy. If you need full local control over credentials or data flow, this design may not be suitable.Like a lobster shell, security has layers — review code before you run it.
latestvk97a2sv0sy6w443npk2w454pqx844afq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.