ClawHub

Canny

v1.0.2

Canny integration. Manage data, records, and automate workflows. Use when the user wants to interact with Canny data.

0· 120·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Canny integration) aligns with the runtime instructions: all actions are performed via the Membrane CLI which proxies requests to Canny. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md confines actions to installing/using the Membrane CLI, creating/using a Membrane connection, listing/running Membrane actions, and proxying requests to the Canny API. It does not instruct reading local sensitive files or fetching unrelated secrets. Note: the proxy facility allows arbitrary Canny API calls (expected for this integration).
Install Mechanism
No install spec in the skill bundle (instruction-only). It recommends `npm install -g @membranehq/cli`; this is a normal, expected mechanism but carries the usual npm-global risk (installation executes code from the npm registry). This is proportional to the stated need for the Membrane CLI.
Credentials
The skill declares no required env vars, no primary credential, and does not ask the agent to access unrelated credentials or config paths. It explicitly tells users not to provide API keys and to let Membrane handle auth.
Persistence & Privilege
Skill is not forced-always and does not request elevated persistence. Autonomous invocation is allowed (platform default) and appropriate for this integration. The skill does not modify other skills or global configs.
Assessment
This skill is coherent with its purpose, but consider these practical cautions before installing: 1) The Membrane CLI (recommended install) runs code from npm — install only if you trust @membranehq on the npm registry. 2) The CLI will open a browser for authentication and will proxy API calls to Canny; review what permissions the Membrane connector receives to avoid over-privileging. 3) Do not share API keys manually; follow the Membrane auth flow as instructed. 4) Because the skill can be invoked by the agent (default behavior), only enable it if you trust the skill's intended actions and the agent's autonomy policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97378bzj301z61m3zmfae62nd843a0c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments