Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Make

v1.0.0

Make (formerly Integromat) automation platform — manage scenarios, trigger runs, monitor executions, manage connections, and handle data stores via the Make...

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The requested primary credential (MAKE_API_KEY) is appropriate for a Make API client. MAKE_ZONE is declared as optional in SKILL.md, which is reasonable in principle, but the shipped code does not actually read or apply MAKE_ZONE — an implementation mismatch. The code also looks up WORKSPACE (not declared in requires.env) to read a local .env file, which is outside the documented inputs and broadens the skill's access surface.
Instruction Scope
SKILL.md states 'never stores data locally' and documents only MAKE_API_KEY / MAKE_ZONE, but the code will attempt to read a local file (~/.openclaw/workspace/.env) to obtain MAKE_API_KEY if the env var is absent. SKILL.md also documents behavior (default zone) that is not implemented. The runtime instructions and code confine network activity to the Make API, but the undocumented local file access and mismatched endpoint paths mean the runtime behavior does not fully match the published instructions.
Install Mechanism
This is an instruction-only skill with one included Python script and no install spec — no additional packages are pulled or archives extracted. That minimizes install-time risk.
Credentials
The primary credential MAKE_API_KEY is expected. However: (1) MAKE_ZONE is declared but not used by the code; (2) the script will read WORKSPACE (not declared) or default to a local path (~/.openclaw/workspace/.env) to find MAKE_API_KEY, which is not documented and may cause unexpected exposure of credentials; and (3) the skill references environment variables beyond those declared in SKILL.md. These are disproportionate to the stated purpose unless explicitly documented and consented to.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configs, and does not install services. It only reads environment variables and a local .env file (read-only) and performs network calls, which is within expected privileges for a CLI client — but the undocumented file read is noteworthy.
What to consider before installing
This skill appears to be a Make (Integromat) CLI but has implementation issues and some undocumented behaviors. Before installing or providing credentials:

  1) Inspect the code yourself (scripts/make.py) — confirm network calls go to the expected make.com domain and not an unexpected host.
  2) Note that MAKE_ZONE is declared in SKILL.md but the script does not apply it (API_BASE contains an unformatted '{zone}' placeholder). Ask the author to fix the zone substitution or patch the script before use.
  3) The script will try to read a local file (~/.openclaw/workspace/.env) to find MAKE_API_KEY if the env var is missing — this file path and the WORKSPACE env var are not documented. If you keep secrets in that path, consider moving them or passing MAKE_API_KEY explicitly.
  4) Use a least-privilege API key for testing, run the tool from a sandboxed account, and rotate the key if you later suspect misuse.
  5) Request that the publisher update SKILL.md to exactly match runtime behavior (declared env vars, file reads, and zone handling) and fix the API path/URL bugs.

If you cannot validate these things, treat the skill as untrusted and avoid supplying production credentials.
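
One way to carry out the code inspection recommended above, as an added example that is not part of the skill or of the scan output: a static check (Python 3.9+) that compares the environment variables a script reads with the ones its manifest declares, and lists URL literals that still contain a `{placeholder}`. The sample script is constructed to mirror the behaviours the scan describes and is not the real scripts/make.py; the function names are hypothetical.

```python
import ast
import re

# Constructed sample mirroring the scan's findings; NOT the skill's real scripts/make.py.
SAMPLE_SCRIPT = '''
import os
from pathlib import Path

API_BASE = "https://{zone}/api"
def get_key():
    key = os.environ.get("MAKE_API_KEY")
    if not key:
        ws = os.getenv("WORKSPACE", str(Path.home() / ".openclaw" / "workspace"))
        for line in (Path(ws) / ".env").read_text().splitlines():
            if line.startswith("MAKE_API_KEY="):
                key = line.split("=", 1)[1]
    return key
'''

DECLARED_ENV = {"MAKE_API_KEY", "MAKE_ZONE"}  # "Env" line under Runtime requirements

def env_vars_read(tree):
    """Literal names read via os.environ.get(), os.getenv() or os.environ[...]."""
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and node.args:
            hit = ast.unparse(node.func) in ("os.environ.get", "os.getenv")
            key = node.args[0]
        elif isinstance(node, ast.Subscript):
            hit = ast.unparse(node.value) == "os.environ"
            key = node.slice
        else:
            continue
        if hit and isinstance(key, ast.Constant) and isinstance(key.value, str):
            found.add(key.value)
    return found

def audit(source, declared):
    """Compare declared env vars with actual reads; list templated URL literals."""
    tree = ast.parse(source)
    read = env_vars_read(tree)
    urls = [n.value for n in ast.walk(tree)
            if isinstance(n, ast.Constant) and isinstance(n.value, str)
            and "://" in n.value and re.search(r"\{\w+\}", n.value)]
    return {"undeclared_reads": sorted(read - declared),
            "declared_but_unread": sorted(declared - read),
            "url_placeholders": urls}

if __name__ == "__main__":
    for finding, values in audit(SAMPLE_SCRIPT, DECLARED_ENV).items():
        print(f"{finding}: {values}")
```

The check only matches literal names accessed through the `os.` prefix, so aliased imports and dynamically built names still need manual review. A `url_placeholders` hit is a prompt to look for the matching substitution elsewhere in the script, not proof that it is missing.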

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔧 Clawdis
Env: MAKE_API_KEY, MAKE_ZONE
Primary env: MAKE_API_KEY
latest: vk971cjjemv92d87vpw75fakrth82anme
473 downloads
0 stars
1 versions
Updated 16h ago
v1.0.0
MIT-0

🔧 Make (Integromat)

Make (formerly Integromat) automation platform — manage scenarios, trigger runs, monitor executions, manage connections, and handle data stores via the Make API.

Features

  • Scenario management — list, activate, deactivate scenarios
  • Trigger runs — execute scenarios on demand
  • Execution logs — monitor run history and status
  • Connection management — view and manage app connections
  • Data store operations — CRUD on data stores
  • Webhook management — create and manage webhooks
  • Organization management — teams and users
  • Template browsing — discover scenario templates
  • Blueprint export — export scenario definitions
  • Usage monitoring — operations and data transfer stats

Requirements

Variable | Required | Description
MAKE_API_KEY | | API key/token for Make (Integromat)
MAKE_ZONE | | API zone (default: us1.make.com)

Quick Start

# List scenarios
python3 {baseDir}/scripts/make.py scenarios --limit 20
# Get scenario details
python3 {baseDir}/scripts/make.py scenario-get 12345
# Trigger a scenario run
python3 {baseDir}/scripts/make.py scenario-run 12345
# Activate a scenario
python3 {baseDir}/scripts/make.py scenario-activate 12345

Commands

scenarios

List scenarios.

python3 {baseDir}/scripts/make.py scenarios --limit 20

scenario-get

Get scenario details.

python3 {baseDir}/scripts/make.py scenario-get 12345

scenario-run

Trigger a scenario run.

python3 {baseDir}/scripts/make.py scenario-run 12345

scenario-activate

Activate a scenario.

python3 {baseDir}/scripts/make.py scenario-activate 12345

scenario-deactivate

Deactivate a scenario.

python3 {baseDir}/scripts/make.py scenario-deactivate 12345

executions

List execution logs.

python3 {baseDir}/scripts/make.py executions --scenario 12345 --limit 20

execution-get

Get execution details.

python3 {baseDir}/scripts/make.py execution-get exec_abc

connections

List connections.

python3 {baseDir}/scripts/make.py connections --limit 20

data-stores

List data stores.

python3 {baseDir}/scripts/make.py data-stores

data-store-records

List data store records.

python3 {baseDir}/scripts/make.py data-store-records 789 --limit 50

webhooks

List webhooks.

python3 {baseDir}/scripts/make.py webhooks

webhook-create

Create a webhook.

python3 {baseDir}/scripts/make.py webhook-create '{"name":"My Hook"}'

organizations

List organizations.

python3 {baseDir}/scripts/make.py organizations

users

List team users.

python3 {baseDir}/scripts/make.py users

usage

Get usage stats.

python3 {baseDir}/scripts/make.py usage

Output Format

All commands output JSON by default. Add --human for readable formatted output.

# JSON (default, for programmatic use)
python3 {baseDir}/scripts/make.py scenarios --limit 5

# Human-readable
python3 {baseDir}/scripts/make.py scenarios --limit 5 --human

Script Reference

Script | Description
{baseDir}/scripts/make.py | Main CLI — all Make (Integromat) operations

Data Policy

This skill never stores data locally. All requests go directly to the Make (Integromat) API and results are returned to stdout. Your data stays on Make (Integromat) servers.

Credits


Built by M. Abidi | agxntsix.ai
YouTube | GitHub
Part of the AgxntSix Skill Suite for OpenClaw agents.
