Spondyr
v1.0.2Spondyr integration. Manage Organizations. Use when the user wants to interact with Spondyr data.
⭐ 0· 132·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Spondyr integration) matches the instructions: all runtime steps use the Membrane CLI to connect to and proxy requests to Spondyr. The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, creating/using connections, running actions, and proxying requests. They do not instruct reading arbitrary files or environment variables. Note: the skill targets a healthcare app (PHI risk) and relies on a browser-based auth flow — users should ensure consent/compliance before sending protected data through Membrane.
Install Mechanism
There is no formal install spec; the README tells users to install @membranehq/cli with npm -g or use npx. That is a reasonable instruction for an instruction-only skill, but installing a third-party global npm package writes code to disk and should be reviewed (consider using npx to avoid a permanent global install).
Credentials
The skill declares no required env vars or credentials and explicitly instructs not to ask users for API keys, delegating auth to Membrane. The requested scope is proportional to the described integration.
Persistence & Privilege
The skill is not always-enabled, does not request elevated system presence, and contains no steps that modify other skills or global agent configuration. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is instruction-only and appears coherent, but before installing or using it: 1) Review the @membranehq/cli package on npm/GitHub to ensure you trust the vendor; prefer using npx to avoid a global install if you are cautious. 2) Be careful with any patient data (PHI): confirm legal/compliance requirements and that your Membrane tenant is trusted before proxying health records. 3) The CLI opens a browser auth flow and stores connection tokens server-side via Membrane — verify how those tokens are handled by your organization. 4) If you need tighter control, test in an isolated environment and inspect network traffic or CLI behavior before using on production data.Like a lobster shell, security has layers — review code before you run it.
latestvk97cb1xjr94wpf0enahr19x041843jwn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.