Cloudentity
v1.0.0Cloudentity integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cloudentity data.
⭐ 0· 11·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description (Cloudentity integration) match the instructions: discover/connect to Cloudentity via the Membrane CLI, list/run actions, and optionally proxy raw API requests. Required capabilities (network and a Membrane account) are consistent with the stated purpose.
Instruction Scope
SKILL.md stays within scope (install CLI, authenticate via Membrane, discover and run Cloudentity actions, proxy requests). Important data flow: the instructions rely on Membrane as a proxy/credential manager, so authentication and proxied API requests will be handled server-side by Membrane — that means request payloads, responses, and auth tokens are transmitted to Membrane's service. This is expected for the stated integration but is an important privacy/operational consideration.
Install Mechanism
The skill is instruction-only (no install spec in the registry) but tells users to install @membranehq/cli globally via npm (npm install -g). Installing a public npm CLI is a common approach, but global npm installs run arbitrary package code and are higher risk than using an already-trusted, audited binary. The SKILL.md does not pin a version; consider using npx or a pinned package version to reduce supply-chain risk.
Credentials
The skill declares no required environment variables or local credentials and explicitly advises against asking users for API keys, delegating auth to Membrane. That is proportionate to the skill's function. Note that credentials will be managed server-side by Membrane, so the skill itself does not require local secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and is user-invocable only. It does not ask for persistent local configuration beyond installing/using the Membrane CLI, so its requested level of presence is appropriate.
Assessment
This skill is coherent with its stated purpose, but before installing or using it consider: (1) Membrane (getmembrane.com / @membranehq/cli) will handle authentication and will see proxied requests and tokens — verify you trust that service and it meets your privacy/compliance needs. (2) The instructions recommend a global npm install of @membranehq/cli; global npm installs execute package code on your machine and should come from a trusted source — consider using npx or pinning a package version. (3) Verify the official Membrane docs and the referenced GitHub repo match the package name and behavior. (4) If you need stronger guarantees, ask for details on where credentials are stored, what telemetry/logging Membrane retains, and whether you can restrict or audit proxied requests. If you trust Membrane and intend to interact with Cloudentity, the skill's requirements appear proportionate.Like a lobster shell, security has layers — review code before you run it.
latestvk97dz385vswwvrqhc7e2tvc5nx84bw6a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.