ClawHub

Aiia

v1.0.0

Aiia integration. Manage data, records, and automate workflows. Use when the user wants to interact with Aiia data.

0· 61·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state an Aiia integration and the SKILL.md only instructs using the Membrane CLI to discover connectors, create connections, run actions, and proxy requests to Aiia. No unrelated services, env vars, or binaries are requested.
Instruction Scope
Runtime instructions stay on-topic: installing/using the Membrane CLI, logging in via browser, creating connections, listing actions, running actions, and proxying requests. The doc does not direct the agent to read arbitrary local files, other environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
There is no automated install spec in the package, but the SKILL.md instructs users to run `npm install -g @membranehq/cli` (and suggests `npx` for ad-hoc runs). Installing a global npm CLI is a normal way to get this functionality, but it does mean code will be fetched from the npm registry and run on the host — verify the package's publisher and review the upstream repo before installing.
Credentials
The skill requests no environment variables or credentials and explicitly tells users to let Membrane handle authentication server-side. It only requires a Membrane account and network access, which are proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only, has no install-time persistence, and does not request always:true or other elevated privileges. Autonomous invocation is allowed by default but is not combined with broad credential access or other red flags.
Assessment
This skill appears coherent: it instructs using the Membrane CLI to access Aiia and does not ask for unrelated secrets. Before you install or run anything: (1) verify the @membranehq/cli package on npm and its GitHub repo to ensure you trust the publisher; (2) prefer running via `npx` if you want to avoid a global install; (3) expect browser-based OAuth flows (the CLI opens a URL or provides a code to paste); (4) the skill relies on network access and a Membrane account — do not provide bank API keys locally because Membrane manages auth server-side; and (5) because the skill is instruction-only, it won't itself execute commands on your machine unless you run the CLI commands the agent suggests. If you need higher assurance, ask the maintainer for package provenance or a signed release before installing globally.

Like a lobster shell, security has layers — review code before you run it.

latestvk978jp9b6d881k28g72bs9pmtn84bw9r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments