Khoros Marketing
v1.0.0Khoros Marketing integration. Manage data, records, and automate workflows. Use when the user wants to interact with Khoros Marketing data.
⭐ 0· 32·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description (Khoros Marketing integration) match the instructions: all runtime steps use the Membrane CLI to connect, discover actions, run actions, and proxy API requests. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md only instructs the agent/user to install and use the Membrane CLI, perform browser-based login, create/connect connections, list actions, run actions, and optionally proxy raw requests. It does not ask to read unrelated files, environment variables, or system config.
Install Mechanism
The guide recommends installing @membranehq/cli via npm (global install) or using npx. This is a common, expected approach for a CLI-driven integration. As with any third-party npm package, the user should confirm the package identity/source before installing and may prefer npx to avoid a global install.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. Authentication is handled via Membrane's browser-based flow and server-side credential management, which is consistent with the stated design.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and makes no requests to persistently alter system-wide settings. It is instruction-only and requires explicit user actions (install and login) to operate.
Assessment
This skill uses the Membrane CLI to manage Khoros Marketing access and intentionally delegates auth and credential storage to Membrane. Before installing or using it: 1) verify you trust the Membrane service (getmembrane.com) and review its privacy/security docs because Membrane will see proxied API calls and tokens; 2) prefer npx or inspect the @membranehq/cli package/repo on npm/GitHub instead of blindly doing a global npm install; 3) follow your organization’s policy for granting third-party services access to vendor accounts; and 4) if you need tighter control over credentials, consider a workflow that limits or audits the connection created in Membrane. Overall the skill appears coherent for its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk971j433dkfny3jedb6vqscrzs848ysz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.