Fullstory
v1.0.2Fullstory integration. Manage Users, Sessions. Use when the user wants to interact with Fullstory data.
⭐ 0· 123·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Fullstory integration) align with the instructions: all actions are performed via the Membrane CLI and target Fullstory APIs. Required capabilities (network access, Membrane account, Membrane CLI) are appropriate for this integration.
Instruction Scope
SKILL.md contains concrete, scoped runtime instructions: install Membrane CLI, authenticate (browser-based or headless flow), create/connect a FullStory connector, list and run actions, or proxy requests through Membrane. It does not instruct the agent to read unrelated files, request unrelated credentials, or exfiltrate data to unknown endpoints.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a common, reasonable step for a CLI integration, but it does execute code on the host and should be reviewed/installed from the official package/registry. No URLs or obscure installers are used in the instructions.
Credentials
The skill declares no required env vars or credentials and explicitly recommends letting Membrane handle credentials (do not ask users for API keys). The credential model described (browser login + Membrane-managed token refresh) is proportionate to the stated functionality.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not ask to modify other skills or system-wide agent settings. It relies on the Membrane CLI for runtime interaction, which is normal for this type of integration.
Assessment
This skill appears coherent and uses the Membrane CLI to access FullStory. Before installing: 1) Verify the @membranehq/cli package and the Membrane service (homepage/repo) are legitimate and match your organization’s policies; malicious or typosquatted npm packages are possible. 2) Installing a global npm CLI executes code on your system — review the package and its homepage/repository before running `npm install -g`. 3) Understand that authenticating via the browser grants Membrane access to your FullStory data (Membrane will act as the proxy); ensure you trust the Membrane account/tenant you log into. 4) Because the skill may be invoked by an agent, be mindful of what prompts or actions you allow the agent to perform automatically (network calls via the CLI will run under your authenticated session). If you want extra caution, perform the Membrane login and connector creation yourself and only provide the resulting connectionId to the agent.Like a lobster shell, security has layers — review code before you run it.
latestvk976yx9c4yj7drm2rap37g1b4h843qg7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.