Tinypng

v1.0.2

TinyPNG integration. Manage data, records, and automate workflows. Use when the user wants to interact with TinyPNG data.

by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Pending
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TinyPNG integration) matches the SKILL.md: all operations are performed via the Membrane CLI to interact with TinyPNG. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are focused on installing and using the Membrane CLI, creating a connection, listing actions, running actions, and proxying TinyPNG API calls. They do not instruct reading unrelated files or environment variables, nor do they require the agent to exfiltrate arbitrary local data.
Install Mechanism
This is an instruction-only skill (no automatic install). It tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a normal step but does require trusting the @membranehq/cli package and the npm ecosystem; the skill itself does not automatically download or run code.
Credentials
The skill declares no required env vars or credentials and advises using Membrane to manage auth. That is proportionate: it avoids asking for API keys locally and relies on Membrane's connection flow.
Persistence & Privilege
The skill does not request 'always' presence, does not modify other skills or system-wide agent settings, and is user-invocable. Autonomous invocation is allowed by default but not combined with other red flags.
Assessment
This skill is coherent with a TinyPNG integration that uses the Membrane CLI, but you should still: 1) verify the authenticity of the @membranehq/cli package (check npm and the GitHub repo), 2) review Membrane's privacy/security and data-retention policies because requests and credentials are handled server-side (any proxied requests go through Membrane), 3) avoid sending unrelated sensitive data through the proxy, and 4) install global npm packages only from trusted environments. If you need stronger assurance, ask the publisher for the exact actions the connector exposes and check audit/logging for your Membrane tenant.

Like a lobster shell, security has layers — review code before you run it.
