Vivomeetings
v1.0.0Vivomeetings integration. Manage data, records, and automate workflows. Use when the user wants to interact with Vivomeetings data.
⭐ 0· 33·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Vivomeetings integration) match the instructions, which exclusively describe using the Membrane CLI to discover connectors, create connections, run actions, and proxy API requests to Vivomeetings. No unrelated resources, credentials, or binaries are demanded.
Instruction Scope
SKILL.md confines runtime actions to installing/using @membranehq/cli, logging in via Membrane (browser-based), listing connections/actions, running actions, and proxying requests. It does not instruct reading unrelated local files, exfiltrating env vars, or contacting unexpected endpoints outside Membrane/Vivomeetings.
Install Mechanism
The doc instructs installing a global npm package (npm install -g @membranehq/cli). Installing an npm package is a normal way to get a CLI, but global npm installs run code from the public registry and write to disk — a moderate-risk operation. The skill package itself has no install spec in the registry (instruction-only), so the only install action is user-directed in SKILL.md.
Credentials
The skill requests no environment variables or local credentials; it explicitly advises not to ask users for API keys and to let Membrane manage auth server-side. That is proportionate to its purpose.
Persistence & Privilege
The skill is not forced-always, is user-invocable, and does not request permanent presence or attempt to modify other skills or system-wide settings.
Assessment
This skill is instruction-only and appears coherent, but take these precautions before installing/using the Membrane CLI: 1) Verify the CLI package (@membranehq/cli) on the official npm registry and GitHub (check publisher, README, recent commits, and downloads) before running an npm -g install. 2) Prefer using npx (npx @membranehq/cli@latest ...) or a local install to avoid adding a global binary if you don’t want persistent tool installation. 3) Understand data flow: proxy requests and actions go through Membrane, so any request bodies or retrieved meeting data will pass through their servers — review Membrane’s privacy/security docs. 4) Use browser-based login flow as instructed rather than pasting credentials into tools, and avoid sharing local API keys. 5) If you need higher assurance, inspect the CLI source code on GitHub or run it in an isolated/test environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk97e3gzydr3wenw2rteepdbdyx8445tc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.