ClawHub

Self-Integration

v1.1.2

Connect to any external app and perform actions on it. Use when the user wants to interact with external services like Slack, Linear, HubSpot, Salesforce, Jira, GitHub, Google Sheets, or any other app — send messages, create tasks, sync data, manage contacts, or perform any API operation.

2· 696·1 current·1 all-time
by@bratchenko
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description say the skill will connect to external apps via Membrane; the only required secrets are MEMBRANE_TOKEN and MEMBRANE_API_URL, which directly match that purpose. There are no unrelated binaries, paths, or extra credentials requested.
Instruction Scope
SKILL.md instructs the agent to call Membrane endpoints (connections, search, connection-requests, agent sessions, actions) and to prompt the user to complete OAuth flows. It does not instruct the agent to read local files, other env vars, or exfiltrate data to third-party endpoints outside the Membrane API. Use of Membrane Agent sessions to auto-build connectors/actions is in-scope for the described capability.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, which minimizes install risk.
Credentials
Only MEMBRANE_TOKEN (primary) and MEMBRANE_API_URL are required. Both are directly relevant for calling the Membrane API. There are no unrelated secrets or high-privilege environment variables requested.
Persistence & Privilege
The skill is not forced-always; it is user-invocable and allows normal autonomous invocation (platform default). It doesn't request to modify other skills or system-wide settings.
Assessment
This skill delegates access to other apps through the Membrane service. Before installing, ensure you trust the Membrane service and only supply a token with the minimum scope needed (or a limited/test account) because the token lets the skill perform actions on connected apps. Understand that the agent will initiate connection flows that may require the user to open authentication URLs to grant access to external services. If you need stronger assurances, ask for details about token scope, audit logs, and how to revoke the token.

Like a lobster shell, security has layers — review code before you run it.

latestvk973w57w5j5edkt03kym1kajsd8131b8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvMEMBRANE_TOKEN, MEMBRANE_API_URL
Primary envMEMBRANE_TOKEN

Comments