Sendcloud
v1.0.2Sendcloud integration. Manage Parcels, ShippingMethods, Addresses. Use when the user wants to interact with Sendcloud data.
⭐ 0· 248·2 current·2 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description describe Sendcloud operations (parcels, shipping methods, addresses). All runtime instructions focus on using the Membrane CLI to discover/connect/run Sendcloud actions, which is coherent with the stated purpose.
Instruction Scope
SKILL.md only instructs running Membrane CLI commands (login, connect, action list/run, proxy requests). It does not request unrelated file reads, extra environment variables, or transmission to third-party endpoints outside the Membrane/Sendcloud flow. Headless login and browser-based auth are documented and expected for this flow.
Install Mechanism
The skill instructs installing the Membrane CLI via a global npm install (npm install -g @membranehq/cli). This is proportionate to the skill but is a system-wide package install (global npm) so users should be aware of the usual risks of installing global npm packages and ensure the @membranehq package is the intended official CLI.
Credentials
No environment variables, config paths, or credentials are requested by the skill. Authentication is delegated to Membrane's login flow, which is consistent with the skill's purpose. Users should note that the Membrane CLI will manage tokens/credentials for Sendcloud on their behalf.
Persistence & Privilege
Skill is instruction-only, has no install spec, and is not set to always:true. It does not request persistent agent privileges or modify other skills' configs. Autonomous invocation defaults are unchanged.
Assessment
This skill is coherent: it uses the Membrane CLI to talk to Sendcloud and asks you to install and authenticate that CLI. Before installing, verify the official source for @membranehq/cli and that you trust Membrane (review their docs/privacy). Be aware that: the CLI will open a browser to authenticate and will store tokens locally (so it will be able to call Sendcloud on your behalf), and the skill suggests installing a global npm package which modifies your system environment. If you prefer more control, create a least-privilege Sendcloud account/connector for use with Membrane, and confirm connector IDs and outputs before running actions that create or cancel parcels.Like a lobster shell, security has layers — review code before you run it.
latestvk97cf7ba49z4zna53tdwa2j9nd843k1t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.