by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is coherent and does what it says: it instructs you to install the Membrane CLI and use it to connect to and manage Formidable Forms data. Before installing and using it, consider: 1) Verify the @membranehq/cli package and publisher (check the npm page and linked GitHub repo) before running npm install -g; installing global packages runs third‑party code on your machine. 2) Understand the trust boundary: authentication uses Membrane (browser OAuth) so Membrane will store/manage tokens...详细分析 ▾
✓ 用途与能力
The skill is an instruction-only integration that uses the Membrane CLI to manage Formidable Forms resources. No unrelated credentials, binaries, or config paths are requested — this aligns with the described purpose.
ℹ 指令范围
Instructions are focused on installing and using the Membrane CLI to list/connect/run actions and proxy requests to the Formidable Forms API. This is within scope, but the 'membrane request' and 'membrane action run' commands allow proxying arbitrary Formidable endpoints and running arbitrary connector actions, which grants broad access to form data (expected for this integration but a useful user privacy/security consideration).
ℹ 安装机制
There is no automated install spec in the registry, but the SKILL.md instructs users to install @membranehq/cli via npm (npm install -g). Installing a global npm package is a standard approach but has moderate risk because it executes third‑party code on the host; the package is from the public npm registry (@membranehq) — verify the package and publisher before installing.
ℹ 凭证需求
The skill requests no local environment variables or secrets (proportionate). However, authentication is handled by Membrane (browser OAuth flow) which means credentials/tokens are managed server‑side by Membrane — users should be aware that form data and credentials will be accessible to the Membrane service.
✓ 持久化与权限
The skill is user-invocable with no 'always' flag and does not request persistent system-wide privileges. It does require the user to install a CLI, but the skill itself does not request elevated or persistent platform privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/11
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install formidable-forms
镜像加速npx clawhub@latest install formidable-forms --registry https://cn.longxiaskill.com