Smartrmail
v1.0.0SmartrMail integration. Manage data, records, and automate workflows. Use when the user wants to interact with SmartrMail data.
⭐ 0· 30·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (SmartrMail integration) matches the instructions: all runtime actions target SmartrMail via the Membrane platform/CLI. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope
SKILL.md instructs installing and using the @membranehq/cli and running membrane login/connect/action/request commands. This stays within the stated purpose, but it explicitly routes requests and authentication through Membrane — meaning SmartrMail data and credentials are handled by a third‑party service. The skill correctly avoids asking users for raw API keys, but it does assume network access and a Membrane account.
Install Mechanism
The package has no formal install spec in the registry (instruction-only), but SKILL.md tells users/agents to run npm install -g @membranehq/cli (and uses npx in examples). Global npm installs write files to disk and require caution; the CLI package is namespaced (@membranehq) which is expected, but there are no checksums or pinned versions in the doc. This is a moderate operational risk typical of CLI-based integrations.
Credentials
The skill requests no environment variables and declares no primary credential. It relies on Membrane to manage auth server-side; that is proportional to the stated goal. Note: trusting Membrane with account access is required — credentials and API traffic will transit Membrane's service.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills/config. It is user-invocable and allowed to be invoked autonomously (the platform default) which is normal.
Assessment
This skill appears coherent but you should: (1) verify you trust Membrane (getmembrane.com) since SmartrMail access and credentials are proxied through their service; (2) inspect the npm package (@membranehq/cli) before installing or prefer running via npx to avoid a global install; (3) avoid running global npm installs as root and pin/verify package versions where possible; (4) review Membrane's privacy/security docs and ensure you create least-privileged connections for your SmartrMail account; and (5) if you require offline or direct control over API keys, do not use this skill (it intentionally delegates auth to Membrane).Like a lobster shell, security has layers — review code before you run it.
latestvk9753yefbph734yqkqs3v757zh848yq8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.