Zenkit
v1.0.0Zenkit integration. Manage data, records, and automate workflows. Use when the user wants to interact with Zenkit data.
⭐ 0· 59·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill declares it integrates with Zenkit and all runtime instructions are about discovering connectors, creating a Membrane connection, running actions, or proxying API requests through Membrane — these are appropriate and expected for a Zenkit integration.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, logging in, creating/using a Zenkit connection, listing/running actions, and proxying API calls. It does not instruct reading unrelated files, asking for unrelated credentials, or exfiltrating data to arbitrary endpoints. It does require network access and a Membrane account, which the README documents.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md instructs the user to run a global npm install (npm install -g @membranehq/cli). This is a common but moderately privileged action because it writes to the host system; it is proportionate for installing a CLI but the user should confirm the package's authenticity on the npm registry before running it.
Credentials
The skill requests no environment variables or local credentials. Authentication is delegated to Membrane (browser-based login and server-side token handling), which matches the skill's stated approach of not requesting API keys locally.
Persistence & Privilege
The skill does not request always: true, does not declare system config changes, and is user-invocable. Its actions are limited to using the Membrane CLI and network requests through Membrane, which is within expected scope.
Assessment
This skill is coherent but depends on the third-party Membrane service and a CLI package from npm. Before installing or using it: (1) Verify the @membranehq/cli package on the official npm registry and confirm the maintainer/trustworthiness; (2) Review Membrane's privacy/security docs because API requests and Zenkit auth are proxied through their servers (your Zenkit data and tokens will transit/ be stored by Membrane per their policy); (3) Be aware that running npm install -g writes a global binary—use an isolated environment or non-root install if you have concerns; (4) If you need higher assurance, ask the skill author for a signed source repository or package checksum, or prefer running repository-audited tooling rather than blindly installing a global CLI.Like a lobster shell, security has layers — review code before you run it.
latestvk978fp7zp164s56g3qe4cw2ve184c0ja
License
MIT-0
Free to use, modify, and redistribute. No attribution required.