Snyk

Snyk integration. Manage Projects, Organizations. Use when the user wants to interact with Snyk data.

This skill delegates Snyk access to the Membrane CLI rather than asking for Snyk API keys, which is coherent and generally preferable. Before installing: 1) Verify you trust the Membrane project and the npm package (@membranehq/cli); prefer using npx or a scoped install if you don't want a global npm install. 2) Confirm the homepage/repository and package integrity (check the package on npm / GitHub releases) to reduce supply-chain risk. 3) Be aware that once you create a Membrane connection it can access Snyk data according to the permissions you grant — review those permissions in your Membrane account and in Snyk. 4) Note the metadata omission: the skill's manifest didn't list required binaries (node/npm, membrane) even though the SKILL.md assumes them. That mismatch is a documentation omission, not a functional red flag, but you should ensure the required tooling is installed from trusted sources.

Type: OpenClaw Skill Name: snyk-integration Version: 1.0.3 The skill facilitates Snyk integration via the Membrane CLI, requiring high-risk operations such as the global installation of an NPM package (`npm install -g @membranehq/cli`) and the execution of dynamically generated remote actions. While these capabilities are aligned with the stated purpose of using the Membrane platform (getmembrane.com) for API orchestration, the requirement for global software installation and the reliance on third-party remote logic execution constitute a broad permission set and a significant attack surface. No explicit malicious intent or data exfiltration was observed in the provided files.