Pitchlane
v1.0.2Pitchlane integration. Manage Organizations. Use when the user wants to interact with Pitchlane data.
⭐ 0· 101·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Pitchlane integration) match the SKILL.md: all instructions focus on using the Membrane CLI to manage Pitchlane connections and run actions. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
The SKILL.md confines runtime behavior to installing and using the Membrane CLI, logging in, creating connections, listing actions, running actions, and proxying requests to the Pitchlane API. It does not instruct the agent to read unrelated files, use unrelated credentials, or exfiltrate data to unknown endpoints.
Install Mechanism
There is no built-in install spec (instruction-only), but the doc tells users to run `npm install -g @membranehq/cli`. Installing a global npm CLI is a reasonable, expected step for this integration but does carry the usual supply-chain considerations for npm packages (verify the package and source if you are in a sensitive environment).
Credentials
The skill declares no required env vars or credentials. The instructions explicitly defer auth to Membrane (server-side), so there is no disproportionate request for secrets or unrelated service credentials.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings in the instructions, and remains an instruction-only integration with no extra persistent privileges.
Assessment
This skill appears coherent: it instructs you to install and use the Membrane CLI to connect to Pitchlane and does not ask for unrelated secrets. Before installing, consider: 1) Trust: Membrane (getmembrane.com) will handle your Pitchlane credentials server-side, so ensure you trust that service and your organization's policy for sharing account access. 2) npm risk: the doc asks you to run a global npm install (@membranehq/cli); verify the package and maintainers if you're in a high-security environment. 3) Network access: the CLI requires network and browser-based login (or headless token flow). If any of these are unacceptable for your environment, do not install or use the skill. Otherwise the skill's instructions and requirements are proportionate to its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk973f7ybp2w6tcc5gq4rvc557184239n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.