ClawHub

Leyr

v1.0.2

Leyr integration. Manage data, records, and automate workflows. Use when the user wants to interact with Leyr data.

0· 92·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (Leyr integration) match the instructions: all actions are performed via the Membrane CLI or Membrane proxy to Leyr. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md only instructs installing/running the Membrane CLI and using its commands (login, connect, action list/run, request). It does not direct reading unrelated files, scanning system state, or exfiltrating data to unexpected endpoints. It explicitly instructs not to ask users for API keys.
Install Mechanism
There is no registry install spec (instruction-only), but SKILL.md tells users to run `npm install -g @membranehq/cli` (and suggests `npx` usage). This is proportionate to the claimed purpose but does require installing a third-party global npm package — verify @membranehq/cli is the intended package and audit it before installing globally.
Credentials
The skill declares no required environment variables, no config paths, and no primary credential. It relies on Membrane to manage auth, which is appropriate for a connector integration.
Persistence & Privilege
The skill is not forced-always and follows normal autonomous-invocation defaults. Be aware that, if the agent is allowed to invoke the skill, it can run Membrane CLI commands that act on your Membrane session (network operations performed under your account). This is expected but worth considering when granting the agent autonomy.
Assessment
This skill appears to do what it says: use Membrane's CLI to connect to Leyr. Before installing/using it: (1) verify the @membranehq/cli package (and its publisher) before running a global npm install — prefer `npx` or reviewing the package code if you have concerns; (2) use a Membrane account with least privilege for automation (avoid using highly privileged/production accounts if you permit autonomous agent invocation); (3) review any Membrane actions the agent proposes to run before approving them, since the agent can perform network operations under your Membrane session; (4) if you run in a shared or headless environment, follow the headless login flow carefully to avoid leaking auth codes. Overall the skill is coherent, but exercise the usual caution when installing CLIs and granting agent-driven access to an account.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ek0jem281057zx782ts5vn8432d5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments