Onespan
v1.0.0OneSpan integration. Manage data, records, and automate workflows. Use when the user wants to interact with OneSpan data.
⭐ 0· 30·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (OneSpan integration) align with the instructions: all runtime steps are about discovering and calling OneSpan actions through the Membrane CLI. There are no unrelated credential requests or unrelated binaries required.
Instruction Scope
All instructions focus on installing and using the Membrane CLI to connect to OneSpan, list actions, run actions, or proxy raw requests. This is within scope, but proxying means requests and payloads will flow through Membrane's servers — users should be aware that OneSpan data will be visible to the Membrane service.
Install Mechanism
The skill is instruction-only (no install spec), but the SKILL.md tells users to install @membranehq/cli via npm (-g) or use npx. Installing or running npm/npx executes code from the npm registry and writes binaries to disk; this is expected for a CLI but worth considering (verify package publisher, prefer pinned versions or review package source if you have strict supply-chain constraints).
Credentials
The skill declares no required env vars, no local config paths, and explicitly advises against asking users for OneSpan API keys (it relies on Membrane-managed connections). The requested access is proportional to the stated purpose.
Persistence & Privilege
The skill does not request always: true or other elevated persistence. It is user-invocable and allows normal autonomous invocation (platform default). It does not ask to modify other skills or global agent configurations.
Assessment
This skill delegates OneSpan access to the Membrane service via their CLI. Before installing or using it: (1) confirm you trust Membrane — the CLI and proxy will see OneSpan request/response data and Membrane manages credentials server-side; (2) be aware npm -g or npx executes code from the registry and will install global binaries (use audited/pinned releases if you need stricter supply-chain control); (3) review Membrane account permissions and the OneSpan connection's scope so it cannot access more data than necessary; (4) avoid running this in highly sensitive environments unless your org approves the third-party proxying model; (5) if you need assurance, inspect the Membrane CLI source repository and the npm publisher identity before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk970g0a81c44ecj9za8y1bfpyx8479ga
License
MIT-0
Free to use, modify, and redistribute. No attribution required.