Shuttle
v1.0.0Shuttle integration. Manage data, records, and automate workflows. Use when the user wants to interact with Shuttle data.
⭐ 0· 26·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Shuttle integration) align with the instructions: the SKILL.md consistently shows how to use the Membrane CLI to discover/connect to a Shuttle connector and run actions. The homepage and repository metadata reference Membrane, which matches the tool the instructions require.
Instruction Scope
Instructions focus on installing and using the @membranehq/cli (login, connect, action list/run, and request proxy). They do not ask the agent to read arbitrary local files or unrelated env vars. Important note: using membrane request will proxy API calls and request payloads through Membrane's servers — users should be aware that data sent via proxy is transmitted to Membrane (and to Shuttle).
Install Mechanism
The skill is instruction-only (no install spec). The SKILL.md tells users to install the official-looking npm package @membranehq/cli or run via npx; this is an expected, typical install pattern. There is no download from an untrusted URL or automatic install performed by the skill itself.
Credentials
The skill declares no required env vars or credentials. It requires a Membrane account and browser-based login, which matches the described workflow. There are no unexplained requests for unrelated secrets or system-level config paths.
Persistence & Privilege
always is false and there is no install script persisting credentials or altering other skills or system-wide settings. The skill does not request permanent elevated presence.
Assessment
This skill appears coherent and uses the Membrane CLI to talk to Shuttle. Before installing: (1) confirm you trust Membrane (https://getmembrane.com) because proxying requests/routes data through their service; (2) inspect the @membranehq/cli npm package (publisher, versions) before running a global npm install or prefer using npx; (3) be prepared to authenticate via browser (no API keys are requested by the skill); and (4) avoid pasting sensitive secrets into ad-hoc requests — the Membrane proxy will forward any data you supply. If you need tighter data control, consider calling Shuttle API directly (with your own credentials) rather than using a third-party proxy.Like a lobster shell, security has layers — review code before you run it.
latestvk97ew4v86eywjym3wzr1sv51nh849hww
License
MIT-0
Free to use, modify, and redistribute. No attribution required.