Verve
v1.0.0Verve Group integration. Manage data, records, and automate workflows. Use when the user wants to interact with Verve Group data.
⭐ 0· 54·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description say this is a Verve Group integration and the SKILL.md consistently instructs use of the Membrane CLI to discover connectors, create connections, run actions, and proxy API requests to Verve. Nothing requested is unrelated to that purpose.
Instruction Scope
Instructions are limited to installing the Membrane CLI, logging in (browser-based or headless flow), listing/searching connections/actions, running actions, and proxying requests. The doc does not direct reading unrelated local files, environment variables, or exfiltrating data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec) that tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a normal step for a CLI integration but carries the usual supply-chain considerations (verify the package and publisher before installing).
Credentials
The skill requires a Membrane account and network access but declares no environment variables, secrets, or config paths. Authentication is delegated to Membrane's browser flow rather than requesting API keys locally, which is proportionate to the stated purpose.
Persistence & Privilege
Skill is not marked always:true and has no install artifacts in the skill bundle. Be aware that the agent (if allowed to run autonomously) could invoke the Membrane CLI and thereby act on the user's Verve data after the user authenticates — this is expected for an integration but worth noting.
Assessment
This skill is internally consistent with a Membrane-based Verve integration, but before installing: (1) verify the Membrane CLI package and publisher (@membranehq) on npm and the project's GitHub/homepage; (2) understand that authenticating via the browser grants Membrane (the service) access to your Verve account — review its privacy/security docs; (3) installing a global npm package modifies your system PATH — only install if you trust the package; (4) if you are concerned about autonomous agent actions, restrict or review the agent's permissions or require manual invocation when using this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk978pdfpga0bdtn8fksykfp9eh84fmph
License
MIT-0
Free to use, modify, and redistribute. No attribution required.