← Back to Skills Marketplace

Very Good Security

Name: Very Good Security
Author: gora050

by Vlad Ursul · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ✓ Security Clean

164

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install very-good-security

Description

Very Good Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Very Good Security data.

Usage Guidance

This skill is coherent for integrating with Very Good Security via Membrane, but before installing: (1) verify and review the @membranehq/cli package on npm/GitHub to ensure it is the official client and to check what it writes to disk; (2) note the SKILL.md implicitly requires npm/npx and the 'membrane' binary even though metadata doesn't declare them — ensure your environment is appropriate; (3) prefer using npx or pinning a specific CLI version rather than installing 'latest' globally to reduce supply-chain risk; (4) be aware the CLI uses browser-based auth or printed auth URLs and will store local credentials/tokens for sessions — review where those tokens are stored and rotate/remove them if you revoke access; (5) if you need higher assurance, run the CLI in an isolated environment (VM/container) until you audit it. Overall the skill appears to do what it claims, but verify the Membrane CLI before granting it access on your primary machine.

Capability Analysis

Type: OpenClaw Skill Name: very-good-security Version: 1.0.3 The skill provides instructions for an AI agent to interact with Very Good Security (VGS) using the Membrane CLI (@membranehq/cli). It covers installation, authentication, and action execution through the Membrane platform. The content is consistent with its stated purpose and does not contain any indicators of malicious intent, data exfiltration, or harmful prompt injection.

Capability Tags

requires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The skill's name/description (VGS integration) aligns with the instructions (use Membrane CLI to connect to Very Good Security). However, the package metadata declares no required binaries or credentials while the instructions implicitly require npm/npx and a 'membrane' CLI — a mismatch that should be documented. Asking the user to install @membranehq/cli is reasonable for this purpose.

✓ Instruction Scope

SKILL.md limits actions to installing/using the Membrane CLI: login, create connections, discover and run actions. It does not instruct reading unrelated files, scraping environment variables, or sending data to unexpected endpoints. It explicitly advises not to ask users for API keys and to let Membrane handle auth.

ℹ Install Mechanism

There is no formal install spec (skill is instruction-only), but the README tells users to run 'npm install -g @membranehq/cli@latest' and uses 'npx' for ad-hoc runs. Installing from npm is a common, moderate-risk step — it writes to disk and executes code from the public registry. The skill does not point to a pinned version or a verified release URL; consider auditing the @membranehq/cli package source before global installation.

✓ Credentials

The skill declares no required environment variables and the instructions rely on Membrane for credential handling. No unrelated credentials or config paths are requested. This is proportionate to the stated purpose.

✓ Persistence & Privilege

The skill is not marked 'always: true' and uses normal autonomous invocation defaults. It is instruction-only and does not request persistent system-wide changes or modification of other skills' configs. Expect the Membrane CLI to store local auth state when you run 'membrane login', which is normal for a CLI.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install very-good-security
After installation, invoke the skill by name or use /very-good-security
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.3

Auto sync from membranedev/application-skills

v1.0.2

Revert refresh marker

v1.0.1

Refresh update marker

v1.0.0

Auto sync from membranedev/application-skills

Metadata

Slug very-good-security

Version 1.0.3

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is Very Good Security?

Very Good Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Very Good Security data. It is an AI Agent Skill for Claude Code / OpenClaw, with 164 downloads so far.

How do I install Very Good Security?

Run "/install very-good-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Very Good Security free?

Yes, Very Good Security is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Very Good Security support?

Very Good Security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Very Good Security?

It is built and maintained by Vlad Ursul (@gora050); the current version is v1.0.3.

More Skills