Helium
v1.0.2Helium integration. Manage Organizations. Use when the user wants to interact with Helium data.
⭐ 0· 128·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is described as a Helium integration and all runtime instructions call the Membrane CLI to discover connectors, create connections, run actions, or proxy requests to Helium. Requiring a Membrane account and CLI is consistent with the stated purpose.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, logging in via browser, listing/connecting actions, running actions, and proxying API requests through Membrane. It does not instruct reading unrelated local files or exfiltrating arbitrary system data. Note: the 'membrane request' proxy can send arbitrary calls to the Helium API (expected for this integration).
Install Mechanism
This is an instruction-only skill (no install spec or code). It instructs the user to run `npm install -g @membranehq/cli` which is a common but moderately privileged install (global npm package writes to disk). This is expected for using the Membrane CLI but users should verify the package and publisher before installing globally.
Credentials
The skill declares no required env vars or credentials. Authentication is delegated to the Membrane CLI/browser flow, which is proportionate to the task. There are no unexplained requests for unrelated credentials or config paths.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It does not request persistent system-level changes or modify other skills' configurations in the provided instructions.
Assessment
This skill delegates all access to Helium through the Membrane CLI/service. Before installing or using it: (1) verify the @membranehq/cli package and publisher on npm and the provided GitHub/homepage links; (2) understand that logging in grants Membrane access to your Helium data so only connect accounts you trust and apply least-privilege / limited scopes if possible; (3) be aware the 'membrane request' command can proxy arbitrary Helium API calls—avoid asking the agent to run requests that expose or modify sensitive resources you don't intend to share; (4) consider installing and running the CLI in an isolated environment (container or VM) if you want to limit system impact; and (5) revoke the connection from Membrane if you stop using the integration.Like a lobster shell, security has layers — review code before you run it.
latestvk9777xf5sx7dzj87rnzsdmf4kn843fke
License
MIT-0
Free to use, modify, and redistribute. No attribution required.