Opswat
v1.0.0OPSWAT integration. Manage data, records, and automate workflows. Use when the user wants to interact with OPSWAT data.
⭐ 0· 54·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (OPSWAT integration) align with the instructions: the SKILL.md explains how to use the Membrane CLI to connect to OPSWAT, discover actions, run actions, and proxy API requests. Requested capabilities (none) are proportionate to the stated purpose.
Instruction Scope
Instructions are scoped to installing and using the @membranehq/cli and to creating/using a Membrane connection to OPSWAT. They do instruct the user to run commands that open a browser for auth and to use a proxy request command that will send request payloads through Membrane (i.e., data will transit Membrane's servers). This is expected for this integration but is a privacy consideration.
Install Mechanism
The skill is instruction-only (no install spec in registry) but tells the user to run npm install -g @membranehq/cli. This is a typical install flow but does execute third-party code from the npm registry when the user runs it; the registry entry itself does not perform any automatic installation on install.
Credentials
No environment variables or credentials are requested by the skill. Authentication is delegated to Membrane (browser OAuth flow), which is consistent with the guidance in SKILL.md. Users should note that Membrane will mediate auth and see proxied request data.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent system-wide changes or access to other skills' configs.
Assessment
This skill appears coherent and uses the Membrane CLI to integrate with OPSWAT. Before using it: (1) verify you trust Membrane (getmembrane.com) because proxying/actions go through their service and may expose request payloads and returned data; (2) be aware the instructions tell you to run npm install -g @membranehq/cli — installing global npm packages executes code from the npm registry, so only install if you trust the package and publisher; (3) review the browser OAuth consent and granted permissions when creating the connection, and avoid sending highly sensitive secrets through the proxy unless you’ve confirmed the privacy/security posture; (4) if source provenance matters, inspect the referenced repository (https://github.com/membranedev/application-skills) and the Membrane docs before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk974s1fvjjyz3m0r0hw1w3js218450ej
License
MIT-0
Free to use, modify, and redistribute. No attribution required.