Metricfire
v1.0.0MetricFire integration. Manage data, records, and automate workflows. Use when the user wants to interact with MetricFire data.
⭐ 0· 58·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description (MetricFire integration) match the instructions (using Membrane CLI to connect, list actions, and proxy requests to MetricFire). The use of Membrane as a proxy for MetricFire is coherent with the stated purpose.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, running search/connect/list/action/request commands, and performing browser-based login flows. It does not ask the agent to read unrelated files, environment variables, or exfiltrate data to unexpected endpoints. The instructions are scoped to discovering and invoking MetricFire actions via Membrane.
Install Mechanism
No packaged install spec is embedded in the skill (instruction-only). The doc recommends installing @membranehq/cli via npm (global install). Installing a global npm package is a common approach but carries the usual moderate risk of executing third-party code — verify the package source/version before installing.
Credentials
The skill declares no required environment variables or credentials. The documentation explicitly instructs not to ask users for API keys and relies on Membrane-managed connections, which is proportionate to the integration's goals. Note: using the Membrane CLI will create/hold local connection tokens as part of normal auth flows.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills' configurations. It is instruction-only and does not persist code or configuration beyond recommending an external CLI.
Assessment
This skill appears coherent and uses the Membrane CLI to access MetricFire, but before installing: 1) verify the npm package (@membranehq/cli) and its publisher (check npmjs.org and the project's GitHub/release pages) before running a global install; 2) be aware the CLI will perform browser-based auth and store connection tokens locally — only connect accounts you trust and understand the permissions Membrane will have; 3) if you plan to allow the agent to run skills autonomously, remember those CLI commands will run on your machine and could access any accounts you connect; consider running in a controlled environment or reviewing commands before execution; 4) if you need higher assurance, consult Membrane/MetricFire docs and confirm the connector IDs and endpoints before passing data to the proxy.Like a lobster shell, security has layers — review code before you run it.
latestvk977y33dgyq2c0qec3db94am6s849j4c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.