← 返回 Skills 市场
gora050

New Sloth

作者 Vlad Ursul · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
215
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install new-sloth
功能描述
New Sloth integration. Manage Organizations. Use when the user wants to interact with New Sloth data.
安全使用建议
This skill is basically an instruction set for using the Membrane CLI to talk to a New Sloth connector — that is coherent. Before you install/run it: 1) Verify you trust the @membranehq/cli npm package and the homepage (getmembrane.com). 2) Prefer installing a pinned version (not @latest) or inspect the package contents before a global install; npx @latest fetches code on each run and can change behavior unexpectedly. 3) Expect the CLI to persist some auth state locally despite the doc's 'no local secrets' wording — if you need to minimize local credentials, run in a sandbox or ephemeral environment. 4) If you are security-conscious, audit the npm package (or run it in an isolated container) and confirm the connector's source before granting access to production data. If you want, I can list concrete commands to inspect the npm package before installing or suggest safer alternatives (e.g., run the CLI inside a container).
功能分析
Type: OpenClaw Skill Name: new-sloth Version: 1.0.3 The skill bundle provides instructions for an AI agent to interact with the Membrane CLI to manage integrations for a service called 'New Sloth'. The instructions in SKILL.md cover standard procedures for installing the '@membranehq/cli' npm package, authenticating, and executing actions through the Membrane platform. No evidence of data exfiltration, malicious code execution, or harmful prompt injection was found; the logic is consistent with the stated purpose of using a third-party integration tool.
能力评估
Purpose & Capability
The name/description (New Sloth integration) aligns with the instructions: all runtime actions use the Membrane CLI to connect to a 'new-sloth' connector, list/discover actions, create actions, and run them. Requiring a Membrane account and network access is reasonable for this purpose.
Instruction Scope
SKILL.md instructions stay within the stated purpose (install Membrane CLI, login, connect, discover/run actions). They do not instruct reading arbitrary system files or exporting unrelated credentials. However, the doc's claim that 'Membrane manages the full Auth lifecycle server-side with no local secrets' conflicts with the explicit interactive login flow (membrane login / login complete) which typically involves local CLI state; the instructions also encourage using npx/@latest which fetches code at runtime.
Install Mechanism
There is no formal registry install spec, but the SKILL.md tells users to run `npm install -g @membranehq/cli@latest` and uses `npx @membranehq/cli@latest`. Installing or fetching unpinned packages from npm (and global installs) is a moderate risk: npm packages can execute arbitrary code and @latest allows silent changes over time. The instruction to perform global installs/frequent dynamic fetches increases the attack surface.
Credentials
The skill declares no required env vars or credentials in registry metadata, and the doc explicitly advises not to ask users for API keys (use Membrane connections instead). That is proportionate. But the doc's assurance of 'no local secrets' is misleading given the CLI login flow; the CLI will likely persist credentials/tokens locally or require the user to complete auth flows — users should assume local credential material may be written by the CLI.
Persistence & Privilege
Registry flags are normal (always:false, user-invocable:true, model invocation enabled). The skill does not claim or request persistent system-wide privileges. The only persistence risk is from the Membrane CLI itself (it may store tokens/config locally), which is outside the skill's direct registry footprint.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install new-sloth
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /new-sloth 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Auto sync from membranedev/application-skills
v1.0.2
Revert refresh marker
v1.0.1
Refresh update marker
v1.0.0
Auto sync from membranedev/application-skills
元数据
Slug new-sloth
版本 1.0.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

New Sloth 是什么?

New Sloth integration. Manage Organizations. Use when the user wants to interact with New Sloth data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 215 次。

如何安装 New Sloth?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install new-sloth」即可一键安装,无需额外配置。

New Sloth 是免费的吗?

是的,New Sloth 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

New Sloth 支持哪些平台?

New Sloth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 New Sloth?

由 Vlad Ursul(@gora050)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论