ClawHub

Aidaform

v1.0.2

Aidaform integration. Manage data, records, and automate workflows. Use when the user wants to interact with Aidaform data.

0· 93·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description state an Aidaform integration and every required action in SKILL.md (discover connectors, create connections, run actions, proxy API calls) maps to that purpose. No unrelated services, creds, or binaries are requested.
Instruction Scope
Runtime instructions are limited to using the Membrane CLI (npx @membranehq/cli) to authenticate, list connections/actions, run actions, and proxy API calls to Aidaform. They do not instruct reading unrelated files, environment variables, or exfiltrating data to unknown endpoints.
Install Mechanism
This is an instruction-only skill with no install spec, but it directs runtime use of `npx @membranehq/cli@latest`. That will fetch and execute a package from the public npm registry (moderate risk compared to instruction-only). This is expected for a CLI-based integration, but you should verify the package and publisher (@membranehq) before running in sensitive environments.
Credentials
No environment variables or unrelated credentials are requested. The CLI stores credentials locally (noted path: ~/.membrane/credentials.json) after browser-based auth. This is proportionate, but be aware tokens are stored on disk and Membrane will act as a proxy for Aidaform API calls.
Persistence & Privilege
The skill does not request always:true or elevated persistence. Autonomous invocation is allowed by default (disable-model-invocation=false), which is normal for skills; nothing here amplifies that privilege.
Assessment
This skill appears coherent for integrating Aidaform via the Membrane CLI. Before installing or running: 1) verify the npm package owner (@membranehq) and review the CLI's project/release pages; 2) understand `npx` will fetch and execute code from npm at runtime; 3) be aware the CLI stores auth tokens at ~/.membrane/credentials.json — treat that file as sensitive and remove it if you no longer trust the integration; 4) in headless environments follow the documented flow carefully and never paste sensitive tokens into untrusted channels. If you need higher assurance, review the Membrane CLI source and privacy/security docs before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk976dzg5jn7qdeke2ynt6kt25s84321r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments