Placid
v1.0.2Placid integration. Manage Organizations. Use when the user wants to interact with Placid data.
⭐ 0· 127·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Placid integration) match the instructions (using Membrane to connect to Placid). There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md limits actions to installing/using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests. It does not instruct reading arbitrary files or exfiltrating data. Minor note: it relies on browser-based login flows and the CLI persisting authentication locally (not documented in the skill), which is expected but worth knowing.
Install Mechanism
This is an instruction-only skill (no install spec). It tells the user to run `npm install -g @membranehq/cli` and uses `npx ...@latest` in examples. Using the public npm registry is normal for a CLI, but global npm installs and unpinned `@latest` usage can run arbitrary code on the host if the upstream package changes—this is an operational risk rather than an incoherence with purpose.
Credentials
The skill declares no required env vars or credentials; Membrane is explicitly used to handle credentials server-side and the SKILL.md even advises not to ask users for API keys. This is proportionate. Note: the Membrane CLI will manage and persist tokens locally as part of normal operation (not declared in the skill metadata).
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not ask to modify other skills or system-wide config. Autonomous invocation is allowed by default (platform default) but not combined with other red flags.
Assessment
This skill appears to do what it says: it guides you to use the Membrane CLI to manage Placid connections. Before installing or running it, consider: (1) npm install -g will execute code from the npm package—verify the @membranehq/cli package and its repository and prefer installing a pinned version or running in an isolated environment (container/VM) if you have risk concerns; (2) examples use `npx ...@latest` which fetches the latest package each run—pin versions if you want reproducibility; (3) the Membrane login flow stores credentials locally via the CLI (normal behavior)—be aware of where those creds are stored on your machine and who can access them; (4) Membrane will mediate access to Placid, so granting Membrane a connection gives it ability to act on your behalf in Placid—only create connections you trust; (5) do not paste secrets or API keys into chat; instead follow the CLI/browser auth flow. If you want extra safety, inspect the Membrane CLI source on GitHub and run the CLI in a dedicated environment before using it with production accounts.Like a lobster shell, security has layers — review code before you run it.
latestvk975kjzkwd8d2zft4fqg5m0m6h842dss
License
MIT-0
Free to use, modify, and redistribute. No attribution required.