Security Scan
OpenClaw
Safe
high confidence
The skill's instructions, requirements, and actions align with its stated purpose (using Membrane to interact with Merge); it asks for no unexplained credentials and is instruction-only, though it does require installing and running a third-party CLI.
Assessment and recommendations
This skill appears coherent: it instructs the agent to use the Membrane CLI to manage Merge connections and run actions, and it does not request secrets or unrelated access. Before installing/using it, consider: (1) you will need network access and a Membrane account and will perform an interactive login in a browser (or use a headless flow), (2) the SKILL.md asks you to install a global npm package — installing third-party CLIs executes code from the npm registry, so review the @membranehq pack...
✓ Purpose and capabilities
Name/description (Merge integration) match the instructions: the SKILL.md consistently describes using the Membrane CLI to connect to Merge, discover actions, run actions, and proxy raw API requests. No unrelated services or credentials are requested.
ℹ Instruction scope
The instructions tell the agent/user to install and run the @membranehq/cli, perform an interactive browser login or headless flow, list/connect connections, run actions, and proxy requests. These are in-scope for a Merge integration. Minor inconsistency: the doc shows both a global npm install and an npx usage (npx@latest) — functionally fine but inconsistent.
ℹ Install mechanism
There is no formal install spec in the registry (skill is instruction-only) but the SKILL.md instructs running npm install -g @membranehq/cli (or using npx). Installing a global npm package runs third-party code from the npm registry — expected for a CLI but a point to review (you may prefer npx or auditing the package first).
✓ Credential requirements
No environment variables, config paths, or credentials are requested by the skill. The doc explicitly advises against asking users for API keys and uses Membrane to manage auth server-side, which is proportionate to the stated purpose.
✓ Persistence and privileges
always is false and the skill is user-invocable. It does not request permanent presence or system-wide config changes. No evidence it would modify other skills or system settings.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/5
Auto sync from membranedev/application-skills
● Suspicious
Install command
Official: npx clawhub@latest install merge-1
Mirror (accelerated): npx clawhub@latest install merge-1 --registry https://cn.longxiaskill.com