← Back to Skills Marketplace
gora050

Snyk

by Vlad Ursul · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
153
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install snyk-integration
Description
Snyk integration. Manage Projects, Organizations. Use when the user wants to interact with Snyk data.
Usage Guidance
This skill delegates Snyk access to the Membrane CLI rather than asking for Snyk API keys, which is coherent and generally preferable. Before installing: 1) Verify you trust the Membrane project and the npm package (@membranehq/cli); prefer using npx or a scoped install if you don't want a global npm install. 2) Confirm the homepage/repository and package integrity (check the package on npm / GitHub releases) to reduce supply-chain risk. 3) Be aware that once you create a Membrane connection it can access Snyk data according to the permissions you grant — review those permissions in your Membrane account and in Snyk. 4) Note the metadata omission: the skill's manifest didn't list required binaries (node/npm, membrane) even though the SKILL.md assumes them. That mismatch is a documentation omission, not a functional red flag, but you should ensure the required tooling is installed from trusted sources.
Capability Analysis
Type: OpenClaw Skill Name: snyk-integration Version: 1.0.3 The skill facilitates Snyk integration via the Membrane CLI, requiring high-risk operations such as the global installation of an NPM package (`npm install -g @membranehq/cli`) and the execution of dynamically generated remote actions. While these capabilities are aligned with the stated purpose of using the Membrane platform (getmembrane.com) for API orchestration, the requirement for global software installation and the reliance on third-party remote logic execution constitute a broad permission set and a significant attack surface. No explicit malicious intent or data exfiltration was observed in the provided files.
Capability Assessment
Purpose & Capability
The SKILL.md describes a Snyk integration implemented via the Membrane CLI, which is a reasonable implementation for this purpose. However, the skill metadata declares no required binaries while the instructions expect npm/node (to install the CLI) and the membrane CLI to be available — a small inconsistency between declared requirements and runtime instructions.
Instruction Scope
Instructions are focused on installing and using the Membrane CLI to connect to Snyk, creating connections, discovering and running actions. They do not instruct the agent to read unrelated files, exfiltrate environment variables, or perform operations outside the stated integration flow.
Install Mechanism
The install instructions recommend a global npm install of @membranehq/cli@latest. Installing a third-party CLI globally is common but has moderate risk (supply-chain / permission considerations). There is no high-risk download or archive extraction in the instructions.
Credentials
The skill declares no required environment variables or credentials and explicitly advises using Membrane-managed connections rather than asking for API keys. That is appropriate for a connector that relies on an external connector service to manage auth.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request elevated persistent privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install snyk-integration
  3. After installation, invoke the skill by name or use /snyk-integration
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Auto sync from membranedev/application-skills
v1.0.2
Revert refresh marker
v1.0.1
Refresh update marker
v1.0.0
Auto sync from membranedev/application-skills
Metadata
Slug snyk-integration
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Snyk?

Snyk integration. Manage Projects, Organizations. Use when the user wants to interact with Snyk data. It is an AI Agent Skill for Claude Code / OpenClaw, with 153 downloads so far.

How do I install Snyk?

Run "/install snyk-integration" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Snyk free?

Yes, Snyk is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Snyk support?

Snyk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Snyk?

It is built and maintained by Vlad Ursul (@gora050); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments