Sesame
v1.0.0Sesame integration. Manage data, records, and automate workflows. Use when the user wants to interact with Sesame data.
⭐ 0· 51·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Sesame integration) match the instructions: everything centers on using the Membrane CLI to find connectors, create connections, run actions, or proxy API requests to Sesame.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, logging in via browser, listing connections/actions, and proxying requests. It does not ask the agent to read unrelated files, environment variables, or system state.
Install Mechanism
The document recommends installing @membranehq/cli globally via npm (npm install -g @membranehq/cli). This is a normal developer step but is an action the user must perform locally — the registry does not provide an automated install spec. Installing a global npm package requires trusting that package and its publisher.
Credentials
The skill declares no required environment variables or credentials. It explicitly directs users to create a connection through Membrane instead of supplying local API keys, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only, has no always:true flag, and requests no special system persistence or privileges. It does not modify other skills or system-wide settings.
Assessment
This skill is coherent and appears to simply document using the Membrane CLI to access Sesame. Before installing/using it: 1) Understand that Membrane (the third-party service) will proxy requests and handle credentials — any data you send to Sesame via Membrane will transit/likely be processed by Membrane's service; review their privacy/security docs. 2) The SKILL.md asks you to install a global npm package (@membranehq/cli); verify the package/publisher and consider installing in a controlled environment (container or VM) if you are cautious. 3) The skill does not request local secrets, but the login flow opens a browser and creates persistent connections — confirm you want to grant that access to your Membrane account. Overall the skill is internally consistent, but trust decisions about Membrane and the npm package remain with you.Like a lobster shell, security has layers — review code before you run it.
latestvk974z7m3qeqqq3rf5abehh86px84f72e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.