ClawHub

Budgetsai

v1.0.0

Budgets.ai integration. Manage data, records, and automate workflows. Use when the user wants to interact with Budgets.ai data.

0· 55·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill describes a Budgets.ai integration and all runtime instructions use the Membrane CLI to discover connectors, create connections, run actions, or proxy requests to Budgets.ai. It does not request unrelated credentials or resources.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI and the browser-based login flow, plus how to list/run actions and proxy API calls. It does not instruct reading arbitrary files, exfiltrating env vars, or contacting unexpected endpoints beyond Membrane/Budgets.ai.
Install Mechanism
There is no registry install spec; the doc tells users to run `npm install -g @membranehq/cli`. Asking users to install a CLI from the public npm registry is reasonable for this use case, but it carries normal supply-chain risk (npm packages are external code). If you are cautious, verify the package and its repository before globally installing.
Credentials
The skill declares no required environment variables or credentials and explicitly recommends letting Membrane handle auth rather than asking for API keys. This is proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only, has no install-time hooks in the registry, and is not always-enabled. It does not request persistent system-wide privileges or manipulate other skills' configs.
Assessment
This skill appears coherent: it relies on the Membrane CLI to talk to Budgets.ai and does not ask for unrelated secrets. Before installing, verify the Membrane CLI package and repository (npm/@membranehq and the GitHub repo) to ensure you're installing the official tool, and prefer running the CLI in a controlled environment (avoid global installs if you cannot vet the package). Do not provide unrelated credentials, and confirm the homepage/repo links match the vendor you expect.

Like a lobster shell, security has layers — review code before you run it.

latestvk979qqh1zze5beagpf5367g0g184b7p1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments