Tray
v1.0.0Tray integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tray data.
⭐ 0· 28·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Tray integration) align with the instructions: all runtime actions use the Membrane CLI to discover connections, run actions, and proxy requests to the Tray API. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md stays on-topic: it tells the agent to install and use the Membrane CLI, login, create/list connections, list/run actions, and proxy API calls. It does not instruct reading unrelated files, environment variables, or exfiltrating data to unexpected endpoints. It explicitly warns not to ask the user for Tray API keys and to let Membrane manage auth.
Install Mechanism
This is an instruction-only skill (no install spec). It directs users/agents to install @membranehq/cli via npm (-g). That is a common approach but carries the usual npm-global risks (installing and running third-party code). The skill itself does not download arbitrary archives or run custom installers.
Credentials
The skill declares no required env vars or credentials. It relies on Membrane to handle auth server-side; this is proportionate to the stated purpose of integrating with Tray.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request permanent presence or modify other skills or system-wide settings.
Assessment
This skill looks coherent and implements Tray integration via the Membrane CLI. Before installing: (1) confirm you trust the @membranehq/cli npm package and its publisher (global npm installs execute third‑party code), (2) be aware that Membrane will proxy and manage authentication for your Tray connections — that service will see/mediate API requests on your behalf, so review Membrane's privacy/security docs, (3) interactive login opens a browser or uses a temporary code for headless environments, and (4) ensure the agent's network access and the CLI are permitted in your environment. If you need a higher assurance, verify the CLI package version and repository source before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk971frgad5ej5k2xc23ka1fk79847q85
License
MIT-0
Free to use, modify, and redistribute. No attribution required.