Privy
v1.0.0Privy integration. Manage data, records, and automate workflows. Use when the user wants to interact with Privy data.
⭐ 0· 53·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Privy integration) matches the instructions: all runtime actions are performed via the Membrane CLI which proxies to Privy. The guidance to install @membranehq/cli and to create a Membrane connection for Privy is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent (or user) to run Membrane CLI commands (login, connect, action list/run, request) and to open a browser for auth. The instructions do not direct the agent to read local files or environment variables. Important privacy note: running these commands causes requests and credentials to be handled by Membrane's servers (the CLI proxies requests and injects auth), so data and auth are routed outside the local environment — this is expected behavior but worth explicit user awareness.
Install Mechanism
There is no packaged install spec in the manifest (instruction-only), but the docs instruct users to run npm install -g @membranehq/cli. Installing an npm CLI globally is a common pattern, but npm packages can run install-time scripts; this is a moderate-risk, user-initiated install step that the user should verify (package provenance, npm owner, GitHub repo) before running.
Credentials
The skill requests no environment variables or local credentials, which is proportional. It does, however, require a Membrane account and browser-based login; that requirement is implemented via the CLI flow rather than env vars. It would be clearer if the manifest explicitly noted the need for a Membrane account, but functionally this is consistent.
Persistence & Privilege
No elevated or persistent privileges are requested in the manifest (always is false). The skill is instruction-only and does not modify other skills or request system-wide configuration. Normal autonomous invocation is allowed but not excessive given the scope.
Assessment
This skill uses the Membrane CLI to talk to Privy and relies on your Membrane account to handle authentication. Before using it: 1) verify the @membranehq/cli package and the getmembrane.com / GitHub repo (package owners, recent activity) before running npm install -g; 2) be aware that Membrane's servers will see proxied requests and manage your Privy credentials—avoid sending highly sensitive data through the proxy unless you trust the service and its data retention policies; 3) if you need stricter control, consider using direct Privy API calls with scoped API keys in an environment you control; and 4) the skill does not request local secrets or file access, which reduces local attack surface.Like a lobster shell, security has layers — review code before you run it.
latestvk9734hg8ypn1cg6examawfy4v584dqbx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.