ClawHub

Brightpearl

v1.0.2

Brightpearl integration. Manage data, records, and automate workflows. Use when the user wants to interact with Brightpearl data.

0· 74·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is labeled as a Brightpearl integration and all instructions describe using the Membrane CLI to discover connectors, create connections, run actions, and proxy Brightpearl API calls. There are no unrelated requested credentials, binaries, or config paths.
Instruction Scope
SKILL.md instructs only to install/run the Membrane CLI, authenticate via the browser, list connections/actions, run actions, and proxy requests. It does not ask the agent to read arbitrary files, environment variables, or post data to unexpected endpoints. It explicitly advises against asking users for API keys.
Install Mechanism
This is an instruction-only skill (no install spec) but tells users to run `npm install -g @membranehq/cli` or use `npx`. Installing a public npm CLI is a common pattern and coherent here, but installing global npm packages carries inherent supply-chain risk — verify the package and publisher before installing.
Credentials
The skill declares no required environment variables or credentials. Authentication is delegated to Membrane (browser-based or headless flow), which is appropriate for the described functionality.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide configuration changes or access to other skills' credentials. It does not require persistent privileges beyond normal CLI usage.
Assessment
This skill appears coherent: it uses the Membrane CLI as the integration layer rather than asking for Brightpearl keys. Before installing/using it: (1) verify the @membranehq/cli package on npm and the publisher/repository match the skill's homepage (https://getmembrane.com / https://github.com/membranedev) to avoid malicious packages; (2) prefer running via npx (or inspect package contents) instead of a global install if you want less system persistence; (3) run initial actions in a non-production environment to confirm behavior; (4) confirm you trust Membrane as the party that will hold/refresh your Brightpearl credentials and review their privacy/security docs; (5) avoid pasting secrets into chat — follow the Membrane browser auth flow as instructed.

Like a lobster shell, security has layers — review code before you run it.

latestvk970d4temjncv8zq1dy8az021x843bp7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments