Securitytrails
v1.0.0SecurityTrails integration. Manage data, records, and automate workflows. Use when the user wants to interact with SecurityTrails data.
⭐ 0· 23·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (SecurityTrails integration) matches the instructions: all runtime actions are Membrane CLI commands that forward calls to SecurityTrails. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to installing and using @membranehq/cli (login, create connections, run actions, proxy requests). One important behavioral detail: proxy requests and credential handling are routed through Membrane — that means request payloads and SecurityTrails queries will transit/ be handled by Membrane's service. This is expected for the described design but is a privacy/third‑party delegation risk to be aware of.
Install Mechanism
There is no automatic install spec in the skill, but the README tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a standard but moderately privileged action (writes to disk, installs binaries). The npm registry package is traceable; no arbitrary URLs or archive extraction are used.
Credentials
The skill declares no required env vars or credentials and the instructions explicitly say not to ask users for API keys (Membrane manages auth). This is proportionate. Note: using Membrane shifts credential custody to their service — confirm you trust Membrane's handling of credentials and data.
Persistence & Privilege
The skill is instruction-only, not always-included, and does not declare or require persistent elevated privileges. It does require installing a CLI if the user chooses to follow the instructions, but nothing in the skill attempts to change other skills or system-wide agent settings.
Assessment
This skill appears to do what it says — it directs you to use the Membrane CLI to talk to SecurityTrails rather than contacting SecurityTrails directly. Before installing: verify that you trust Membrane (https://getmembrane.com) because requests and credentials will be handled by their service; confirm the npm package name (@membranehq/cli) is the legitimate upstream package; be aware that `npm install -g` will add a global binary to your system; and don't provide your SecurityTrails API keys outside the official connection flow. If you need to avoid routing data through a third party, consider using SecurityTrails' API directly with your own credentials instead.Like a lobster shell, security has layers — review code before you run it.
latestvk9707ydq4xwchwfwj3st4tzbfs846ytn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.