Sailthru
v1.0.0Sailthru integration. Manage data, records, and automate workflows. Use when the user wants to interact with Sailthru data.
⭐ 0· 60·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Sailthru integration) match the instructions: all runtime actions call the Membrane CLI to connect to Sailthru, discover actions, run actions, or proxy API requests. Nothing in the skill requires unrelated services or credentials.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, running membrane commands, and using the Membrane proxy to reach Sailthru. It does not direct the agent to read unrelated files, system config, or arbitrary environment variables. It explicitly recommends not asking users for API keys.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the SKILL.md tells users to run `npm install -g @membranehq/cli` or use `npx`. Installing a global npm package is a standard approach but requires trust in the package on the public registry; this is moderate risk compared with no install at all.
Credentials
The skill declares no required env vars, no primary credential, and instructs the user to authenticate via Membrane (browser flow). That is proportional to a third-party integration: Membrane will hold credentials server-side and the skill does not request unrelated secrets.
Persistence & Privilege
The skill does not request always:true or any persistent system modifications. It is user-invocable and allows normal autonomous invocation; this is standard and not combined with other concerning privileges.
Assessment
This skill is an instruction-only adapter that routes Sailthru work through Membrane. Before installing or running it: (1) Verify you trust the Membrane service and its privacy/security posture, because Membrane will hold and proxy your Sailthru credentials and can see request/response data; (2) Prefer running via `npx` or a non-global install if you don't want a global npm package; (3) Confirm the npm package name (@membranehq/cli) and the Membrane documentation matches the official project to avoid typosquatting; (4) No local API keys are requested — do not share Sailthru credentials directly with the skill. Overall the skill is coherent with its stated purpose, but you should only proceed if you trust Membrane as the credential and proxy provider.Like a lobster shell, security has layers — review code before you run it.
latestvk97865w950kb8z1yn78mfmbtr984aakc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.