Invoice Ninja
v1.0.2Invoice Ninja integration. Manage Organizations. Use when the user wants to interact with Invoice Ninja data.
⭐ 0· 114·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Invoice Ninja integration) match the SKILL.md instructions which show how to use the Membrane CLI to connect to Invoice Ninja, list actions, run actions, and proxy API requests. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to installing and using the Membrane CLI, performing login/connection flows, discovering actions, running actions, and proxying requests. The SKILL.md does not instruct reading arbitrary files, environment variables, or sending data to unexpected endpoints beyond Membrane/Invoice Ninja. It explicitly recommends not asking users for API keys and defers auth to Membrane.
Install Mechanism
This is an instruction-only skill (no install spec), but the README tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a reasonable, common step for CLI usage but carries the usual moderate risk of executing code from the npm registry. The skill itself does not embed downloads or scripts.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md delegates credential management to Membrane rather than asking for API keys locally, which is proportionate to the integration purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; autonomous invocation is allowed (platform default) but not combined with other high-risk factors. The skill does not request persistent system-wide privileges or modify other skills' configs.
Assessment
This skill is coherent: it simply instructs the agent to use the Membrane CLI to interact with Invoice Ninja. Before installing, verify you trust the Membrane service and the @membranehq/cli package (review the package source, repository, and permissions). If you prefer tighter control, avoid global npm installs (use a local install or container) and confirm that you are comfortable authenticating via Membrane's hosted flow (Membrane will mediate credentials server-side). Remember: no scan findings does not guarantee safety—review the CLI package and Membrane's privacy/security documentation if you need high assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk97a9p39zk3g8hmrg2pzyzzw91843wq1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.