ClawHub

Albato

v1.0.2

Albato integration. Manage data, records, and automate workflows. Use when the user wants to interact with Albato data.

0· 74·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares an Albato integration and all runtime instructions use the Membrane CLI to discover connectors, create connections, and proxy requests to Albato — this is consistent with the stated purpose.
Instruction Scope
Instructions ask the agent/operator to install and run the Membrane CLI, perform interactive OAuth flows, run action discovery and proxy arbitrary API requests through Membrane. This stays within the scope of integrating with Albato, but note that proxying arbitrary endpoints will send request data to Membrane's service (expected for this design) and the CLI commands run locally.
Install Mechanism
There is no registry install spec, but the SKILL.md recommends installing @membranehq/cli from the public npm registry (npm install -g or npx). This is a normal, traceable mechanism for a CLI; be aware global npm installs modify the host environment and you should verify the npm package and publisher before installing.
Credentials
The skill declares no required environment variables or credentials. It explicitly advises not to request API keys because Membrane handles auth server-side. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always:true or any elevated persistence; it is user-invocable and uses normal autonomous invocation defaults. It does not instruct changing other skills or system-wide agent settings.
Assessment
This skill is coherent for interacting with Albato via Membrane. Things to consider before installing/using it: (1) the flow routes requests and authentication through Membrane's service — you are trusting Membrane with connector credentials and proxied request data, so review their privacy/security posture; (2) the SKILL.md recommends installing a global npm package (@membranehq/cli) — verify the package name, publisher, and npm page before running npm install -g; (3) the commands open browser-based OAuth flows or print one-time codes — follow secure practices and don’t paste long-lived secrets into chat; (4) because this is an instruction-only skill with no code bundled in the registry, confirm the upstream repository and package integrity if you require higher assurance. If you need greater assurance, ask the publisher for a signed package or an audited installation source.

Like a lobster shell, security has layers — review code before you run it.

latestvk975je5gt14cz713af5s3mzp4h843z3h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments