Waiverfile
v1.0.0WaiverFile integration. Manage data, records, and automate workflows. Use when the user wants to interact with WaiverFile data.
⭐ 0· 95·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name and description say 'WaiverFile integration' and the SKILL.md exclusively documents using the Membrane CLI to discover actions, create connections, run actions, and proxy API requests to WaiverFile. Required capabilities (network access and a Membrane account) match the stated purpose.
Instruction Scope
All runtime instructions are focused on installing and using the Membrane CLI (login, connect, action list/run, proxy requests). The instructions do not ask the agent to read unrelated files, access unrelated environment variables, or exfiltrate data to third-party endpoints outside Membrane/WaiverFile.
Install Mechanism
This is an instruction-only skill with no packaged install. It tells the user to install @membranehq/cli from the npm registry (npm install -g). Using a public npm package is reasonable for this purpose, but global npm installs modify the host environment; the SKILL.md also shows npx usage for some commands which is a lower-impact alternative. No arbitrary download URLs or archive extraction are used.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The instructions explicitly advise against asking users for API keys and instead to create Membrane connections; that is consistent with the integration model and proportional to the task.
Persistence & Privilege
The skill is user-invocable and not set to always:true. It can be invoked autonomously by the agent (platform default), which is expected for a functional integration skill; there is no indication it modifies other skills or requests persistent elevated privileges.
Assessment
This skill appears coherent and limited to using the Membrane CLI to talk to WaiverFile. Before installing: 1) Confirm you trust the @membranehq/cli npm package and review its npm/github page and permissions. 2) Prefer running one-off commands with npx where possible instead of a global npm -g install to reduce system impact. 3) Be aware Membrane will broker authentication to WaiverFile (you'll authenticate in a browser); review Membrane's privacy/security docs to understand what data it stores or can access. 4) If you want tighter control, consider running the CLI in an isolated environment (container or VM) and verify any connection IDs and actions the skill uses before approving automation. 5) Note that the agent can invoke the skill autonomously by default; if you do not want that, restrict the agent's ability to call third-party skills in your agent configuration.Like a lobster shell, security has layers — review code before you run it.
latestvk974m2wq9djx5xctahc04t12zd84hc4k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.