Onetrust
v1.0.0OneTrust integration. Manage data, records, and automate workflows. Use when the user wants to interact with OneTrust data.
⭐ 0· 44·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the instructions: the skill is an integration facilitator for OneTrust and all runtime steps call the Membrane CLI (which is explicitly required). There are no unrelated environment variables, binaries, or install requirements listed that would be out of scope.
Instruction Scope
Instructions consistently direct the agent to use the Membrane CLI (membrane login, connect, action list/run, request). This stays within the stated integration purpose, but it means OneTrust requests and data will be proxied through Membrane's service — users should be aware that credentials and proxied request payloads will be handled by Membrane (server-side).
Install Mechanism
The skill is instruction-only (no install spec). It tells users to install @membranehq/cli via npm (global install). Requiring a third-party npm CLI is reasonable for this purpose, but installing global npm packages has moderate operational risk and users should verify the package's provenance (publisher, repository, release) before installation.
Credentials
No environment variables or local config paths are requested. The workflow relies on browser-based OAuth via Membrane rather than asking for API keys locally, which is proportionate to the described functionality.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false, no config writes are described). It does require network access and a Membrane account, which is appropriate for a proxy-based integration.
Assessment
This skill is coherent: it instructs the agent to use Membrane's CLI to connect to OneTrust and runs actions through Membrane's proxy. Before installing or using it, consider: 1) Membrane will broker authentication and proxy API requests — verify you trust Membrane to see/request your OneTrust data and hold tokens (review their security and privacy documentation). 2) Inspect the @membranehq/cli package source and publisher on npm/GitHub to ensure it's legitimate. 3) Use least-privilege OneTrust connections and consider separate accounts for automation. 4) When installing global npm packages, avoid running as root and prefer managed environments (or use npx for ephemeral usage). If you need stricter data locality or do not want a third-party proxying requests, this skill's architecture (Membrane proxy) may not be appropriate.Like a lobster shell, security has layers — review code before you run it.
latestvk97bx5xz4ykq8qchad24thfq2n845wtb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.