Swiftype
v1.0.2Swiftype integration. Manage data, records, and automate workflows. Use when the user wants to interact with Swiftype data.
⭐ 0· 70·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description (Swiftype integration) match the instructions: the SKILL.md tells the agent to use the Membrane CLI to authenticate, create connections, list/run actions, and proxy requests to Swiftype. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope
Instructions stay within the stated purpose: they direct installing and using the Membrane CLI, logging in, creating a Swiftype connection, running actions, and proxying API calls through Membrane. The doc does not instruct reading arbitrary local files or asking the user for unrelated secrets. It does permit arbitrary proxied requests to the connected service (expected for a proxy), so be mindful of what account you connect.
Install Mechanism
This is instruction-only (no automatic install). It instructs users to run `npm install -g @membranehq/cli` — a typical method for installing a CLI but one that runs code from the public npm registry. This is expected for a CLI integration, but installing global npm packages carries the usual package-supply-chain risks; the skill itself doesn't auto-install anything.
Credentials
No environment variables or credentials are declared/required by the skill. Authentication is handled via Membrane's login flow (browser-based). That approach is proportional to a third-party integration and matches the guidance in SKILL.md to avoid asking users for API keys.
Persistence & Privilege
The skill is not forced-always and is user-invocable. It does not request elevated system persistence or changes to other skills. Autonomous invocation is allowed by platform default, which is normal; nothing in the skill adds extra persistent privileges.
Assessment
This skill is coherent: it directs use of the Membrane CLI to connect to Swiftype and does not ask for unrelated credentials. Before using it, verify the Membrane service and npm package (check the homepage and GitHub repo, npm package owner, and recent package activity). Be aware you will authenticate via Membrane (browser flow) and the CLI/proxy can send arbitrary requests to the connected service, so only connect accounts with appropriate scope/permissions. If you are uncomfortable installing a global npm package, install in a controlled environment or sandbox first. If you want to limit risk, require manual invocation of this skill rather than allowing broad autonomous use.Like a lobster shell, security has layers — review code before you run it.
latestvk97a5dy72n2j4mx5y8ybpkfh45842nda
License
MIT-0
Free to use, modify, and redistribute. No attribution required.