Tinybird
v1.0.0Tinybird integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tinybird data.
⭐ 0· 29·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill states it integrates Tinybird and all runtime instructions use the Membrane CLI and a Membrane account to connect to Tinybird. Requesting a Membrane account/CLI is coherent with the stated goal of interacting with Tinybird via Membrane's proxy.
Instruction Scope
SKILL.md only instructs installing the Membrane CLI, logging in, creating/listing connections, running actions, and proxying requests to Tinybird; it does not direct the agent to read unrelated files or environment variables. Note: the instructions expect the agent or user to run shell/npm commands (global npm install) and to perform interactive/browser-based login flows — exercise normal caution when executing installs or login flows from an automated agent.
Install Mechanism
There is no registry install spec (skill is instruction-only) but the documentation asks the user/agent to run `npm install -g @membranehq/cli`. Installing a public npm CLI globally is a traceable but non-trivial action (writes to disk, may run postinstall scripts). This is expected for the skill's functionality but the user should verify the package and avoid running global installs as an elevated user where possible.
Credentials
The skill requests no environment variables or local credentials and explicitly says Membrane handles auth server-side. This is proportionate — Tinybird credentials are delegated to Membrane rather than requested locally. The main trust requirement is in Membrane's handling/storage of credentials.
Persistence & Privilege
The skill does not request always:true, does not declare config path access, and does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is allowed (default) but unremarkable here and consistent with how instruction-only skills behave.
Assessment
This skill is instruction-only and uses the Membrane CLI/service to talk to Tinybird — that design is internally consistent. Before installing or running commands: 1) Verify the Membrane CLI package (@membranehq/cli) on the npm registry and the referenced GitHub repo to ensure authenticity. 2) Prefer installing the CLI in a controlled environment (container or non-root user) rather than on a production host. 3) Understand that Tinybird credentials will be managed by Membrane server-side — review Membrane's security/privacy and what permissions a connector will receive. 4) If you run this via an automated agent, ensure the agent's ability to install packages or open browser logins is intentional and constrained. 5) If you need higher assurance, ask the publisher for source code or a signed release and confirm the registry owner identity before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk97eh0tyc992btq84mscs70z718481ka
License
MIT-0
Free to use, modify, and redistribute. No attribution required.