ClawHub

Afas Software

v1.0.0

AFAS Software integration. Manage data, records, and automate workflows. Use when the user wants to interact with AFAS Software data.

0· 33·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (AFAS integration) aligns with the instructions: the SKILL.md enumerates AFAS entities (invoices, payroll, workflows, etc.) and CRUD/execute actions. No unrelated binaries, installs, or configuration paths are requested.
Instruction Scope
The SKILL.md requires network access and a valid Membrane account to operate; the visible instructions focus on AFAS/Membrane operations and do not (in the truncated content) ask the agent to read arbitrary local files or unrelated environment variables. Confirm the remainder of the SKILL.md does not instruct reading host files, shell history, or other unexpected data sources.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk delivery (nothing is written to disk by the skill itself).
Credentials
The skill states it requires a Membrane account but declares no required environment variables or credentials. That can be reasonable if authentication is handled by the platform, but the skill does enable operations over sensitive HR/finance data — verify how credentials are provided and ensure least-privilege API credentials are used.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. Autonomous invocation is allowed (platform default); this is expected for skills and not itself a problem.
Assessment
This appears to be a legitimate AFAS integration delivered as an instruction-only skill. Before installing: 1) Confirm the skill's provenance (review the referenced repository/homepage) because the registry source is 'unknown'. 2) Verify how authentication to Membrane/AFAS is provided — prefer platform-managed, least-privilege API keys or scoped service accounts rather than full admin credentials. 3) Be aware this skill can list, modify, and execute workflows affecting sensitive HR/finance records — only enable it for agents/users who need that access and ensure audit logging. 4) Ask for the full SKILL.md (untruncated) or sample calls to confirm there are no instructions that read or exfiltrate local files or other unrelated secrets. If any of those checks fail or you can't confirm where credentials are stored, treat the skill as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk9744dwc10xqhgkrs43yc515ts848ety

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments