ClawHub

Ascora

v1.0.2

Ascora integration. Manage data, records, and automate workflows. Use when the user wants to interact with Ascora data.

0· 93·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match the instructions: it tells the agent to interact with Ascora via the Membrane CLI. There are no unrelated required env vars, binaries, or config paths requested.
Instruction Scope
SKILL.md instructs the agent to install and run the Membrane CLI, perform login (browser-based or headless code flow), create/connect connectors, list/run actions, and proxy API requests. These instructions stay within the stated purpose but will cause network requests and send Ascora API calls through Membrane (i.e., Membrane will see proxied requests and manage credentials).
Install Mechanism
No install spec baked into the skill bundle (instruction-only). It recommends `npm install -g @membranehq/cli`, which is a standard distribution channel but does execute third-party code locally and requires elevated permissions for a global install—verify the npm package identity and trustworthiness before installing.
Credentials
The skill requests no environment variables or local credentials and explicitly defers auth to Membrane. That is proportionate, but be aware that delegating auth means Membrane (a third party) will hold/refresh credentials and see proxied request data.
Persistence & Privilege
always is false and there are no instructions to modify other skills or system-wide agent settings. The skill does not request permanent elevated presence.
Assessment
This skill is coherent for its stated purpose, but before installing or using it: 1) verify the Membrane CLI package (@membranehq/cli) on npm and confirm the publisher and version are legitimate; 2) confirm the getmembrane.com / Membrane service is trustworthy for handling your Ascora credentials and request payloads, since proxied API traffic and auth tokens will be routed through their servers; 3) prefer installing the CLI in a controlled environment (container, dedicated VM, or non-root local user) because `npm install -g` runs third-party code with elevated permissions; 4) review connector permissions in Membrane so the connector only has the minimum Ascora scopes needed; and 5) if you have strict data-residency or compliance requirements, evaluate whether routing data through Membrane meets them.

Like a lobster shell, security has layers — review code before you run it.

latestvk979c10drfwf8w9fbbwe7y857x843rf1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments