Sidekick Ai
v1.0.0
Sidekick AI integration. Manage data, records, and automate workflows. Use when the user wants to interact with Sidekick AI data.
by Membrane Dev (@membranedev)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to use the Membrane CLI to connect to Sidekick AI, list/run actions and proxy API calls. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions stay on-topic (install CLI, membrane login, connect, action list/run, request proxy). Be aware that 'membrane request' and action runs allow sending arbitrary requests and parameters to the Sidekick AI connector's API — the agent could transmit user-provided data to Sidekick via these commands, so verify which actions/inputs the agent will use.
Install Mechanism
SKILL.md instructs installing @membranehq/cli via npm -g (a public npm package). This is an expected install method but carries the usual npm risks (package code executes on install). Consider using npx, a pinned version, or an isolated/containerized environment if you have concerns.
Credentials
No environment variables, secrets, or unrelated credentials are requested. The docs explicitly advise against asking users for API keys and rely on Membrane to manage auth, which is proportionate.
Persistence & Privilege
Skill is not forced-enabled (always: false) and does not request persistent system-wide changes or access to other skills' configs. It uses standard CLI-based interactions only.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to operate a Sidekick AI connector. Before installing, check that you trust the @membranehq/cli npm package (inspect its repo and maintainer, or prefer npx/pinned versions), run it in an isolated environment if possible, and be deliberate about which actions the agent is allowed to invoke — actions and 'membrane request' can send data to your Sidekick account. If you are uncomfortable with the CLI installing global packages or letting the agent autonomously run connector actions against your account, do not install it, or restrict the agent's permissions.
Like a lobster shell, security has layers — review code before you run it.
latest vk972fj2ghk66kphs0dmvgzh721846sxa
