ClawHub

Aha

v1.0.0

Aha! integration. Manage data, records, and automate workflows. Use when the user wants to interact with Aha! data.

0· 66·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Aha! integration) match the runtime instructions: all actions are performed via the Membrane CLI which proxies requests to Aha!. Nothing in the skill asks for unrelated credentials, binaries, or system resources.
Instruction Scope
SKILL.md only instructs the agent/user to install and use the Membrane CLI, create a connection, list actions, run actions, or proxy requests to Aha!. It does not ask to read unrelated files, pull unrelated environment variables, or exfiltrate data to unknown endpoints. The guidance to prefer Membrane and use its proxy is explicit and scoped to the integration.
Install Mechanism
No install spec in the registry; the document recommends installing @membranehq/cli via npm (global install or npx). Installing a public npm CLI is a reasonable choice for this skill but carries standard npm risks (postinstall scripts, global package modification). Using npx or reviewing the package/repo reduces risk.
Credentials
The skill requests no local environment variables or secrets. Authentication is offloaded to Membrane, so the only sensitive action is granting Membrane access to Aha! on the user's behalf — this is expected for a connector but requires trusting the third-party (Membrane) with Aha! data.
Persistence & Privilege
The skill is instruction-only, does not request always: true, does not modify other skills, and does not require system-level persistence or elevated privileges.
Assessment
This skill appears coherent and uses the Membrane CLI to talk to Aha!, so the main decision is whether you trust Membrane as a third party. Before installing: 1) Prefer running with npx (npx @membranehq/cli@latest ...) to avoid a global npm install; 2) Review the @membranehq/cli package and its GitHub repo (https://github.com/membranedev/application-skills) and check for recent maintainer activity and known vulnerabilities; 3) Understand that granting a Membrane connection lets that service access your Aha! data — verify its permissions, privacy policy, and whether this is allowed by your organization; 4) If you must install globally, do so in a controlled environment and ensure npm is up to date; 5) Consider least-privilege connectors (narrow-scoped access) and test on non-production Aha! workspaces first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974dr8evbggk3krk6m8b6986184acxa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments