Lemlist
v1.0.0Lemlist integration. Manage data, records, and automate workflows. Use when the user wants to interact with Lemlist data.
⭐ 0· 58·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Lemlist integration) align with the instructions: all runtime actions are performed via the Membrane CLI and Membrane connections to Lemlist. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md instructs interactive/headless login via `membrane login` and use of `membrane connect`, `action run`, and `membrane request` to proxy arbitrary Lemlist API calls. These instructions stay within the stated purpose, but proxying allows arbitrary API requests through Membrane — which is expected for this integration but means Membrane (the third party) will see proxied requests and responses.
Install Mechanism
There is no automated install spec in the registry; the README tells users to install an npm package globally (`npm install -g @membranehq/cli`) or use npx. This is a standard approach but carries the normal risks of installing third-party npm packages (verify package origin and integrity).
Credentials
The skill declares no required env vars or local credentials, which is proportionate. However, it requires a Membrane account: Membrane's servers will hold or broker Lemlist credentials and refresh tokens, so using this skill requires trusting that third party with access to your Lemlist data.
Persistence & Privilege
No elevated persistence is requested (always=false). The skill is user-invocable and allows normal autonomous invocation; it does not request system-wide configuration changes or access to other skills' credentials.
Assessment
This skill appears to be what it says: it delegates Lemlist operations to the Membrane CLI and does not ask for local API keys. Before installing or using it, verify the @membranehq/cli npm package and GitHub repository are legitimate and up-to-date, and review Membrane's privacy/security docs because Membrane will broker your Lemlist credentials and see proxied requests. Prefer using npx for one-off calls if you don't want a global install, and avoid pasting secrets into chat; complete authentication in a browser as instructed. If you require that no third party has access to credentials, do not use a proxying service and instead use direct Lemlist API calls with credentials you control.Like a lobster shell, security has layers — review code before you run it.
latestvk97fe5qat35j37hfzhb629drvs84atvj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.