Secureship
v1.0.0Secureship integration. Manage data, records, and automate workflows. Use when the user wants to interact with Secureship data.
⭐ 0· 55·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Secureship integration) align with the instructions: installing/using the Membrane CLI to create a Secureship connection, list actions, run actions, and proxy API requests. Required capabilities (network, Membrane account) match the stated purpose.
Instruction Scope
SKILL.md limits runtime actions to invoking the Membrane CLI and performing browser-based login; it does not instruct reading unrelated files, scanning system configuration, or requesting arbitrary environment variables. The proxy feature routes requests to Secureship via Membrane (expected for this integration).
Install Mechanism
The skill asks users to install @membranehq/cli via npm (global) or use npx. This is a common pattern but does install third-party code on the host. The skill itself has no install spec and contains no code to scan, so trust depends on the authenticity of the npm package and the Membrane service.
Credentials
No environment variables, credentials, or config paths are requested by the skill; it explicitly advises against asking users for API keys and uses Membrane to handle auth. One consideration: data and credentials are handled server-side by Membrane, so sensitive request payloads will transit through their service.
Persistence & Privilege
Skill is user-invocable, not always-enabled, and does not request persistent agent privileges or modify other skills. Model invocation remains enabled (platform default) but that is not a unique concern here.
Assessment
This skill appears coherent for integrating Secureship via Membrane, but before installing or using it: 1) Verify the @membranehq/cli npm package and its maintainers (check npmjs.org and the GitHub repo) before running a global install; 2) Understand that using the Membrane proxy sends request data and token refresh flows through Membrane's servers — avoid sending highly sensitive secrets unless you trust that service and its permissions model; 3) Prefer using npx for one-off runs or install in a controlled environment rather than unrestricted global installs; 4) When creating the Secureship connection, grant least privilege possible and review the connection's scopes; 5) If you need higher assurance, inspect the Membrane CLI source repository and package release history or test in an isolated environment. Overall the skill is consistent with its stated purpose, but it relies on trusting the external Membrane tooling and service.Like a lobster shell, security has layers — review code before you run it.
latestvk971fkjynan10px8bd0tpddzz984cqf2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.