Lighton
v1.0.0LightOn integration. Manage data, records, and automate workflows. Use when the user wants to interact with LightOn data.
⭐ 0· 53·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate LightOn and all instructions target the Membrane CLI and Membrane-hosted LightOn connector. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, logging in via browser, listing/connecting actions and proxying requests to LightOn. The docs do not instruct reading arbitrary files, accessing unrelated env vars, or exfiltrating data outside the expected Membrane/LightOn flow.
Install Mechanism
This is an instruction-only skill but it tells users to run `npm install -g @membranehq/cli` or use `npx`. Installing a global npm package is a moderate-risk operation because it executes third-party code on your machine; this is expected for a CLI-based integration but you should verify the package and publisher before installing.
Credentials
The skill declares no required environment variables or credentials and explicitly instructs to use Membrane connections instead of asking for API keys. The requested access is minimal and appropriate for the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by default (normal) but does not combine with other concerning privileges here.
Assessment
This skill appears internally consistent: it delegates auth and API proxying to the Membrane CLI and does not ask for unrelated secrets. Before installing, (1) verify the npm package @membranehq/cli and its publisher (check the package page and the project's GitHub/getmembrane.com) to ensure you're installing the legitimate CLI, (2) prefer using npx if you want to avoid a global install, (3) be aware that Membrane will act as a proxy and therefore will see/request data you send to LightOn, and (4) don't provide API keys outside of the Membrane connection flow. If you need higher assurance, inspect the Membrane CLI source or run it in an isolated environment/container first.Like a lobster shell, security has layers — review code before you run it.
latestvk97988xkfxvd6ng29vfrn6pcrh84ftnx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.