ClawHub

Chargeblast

v1.0.2

Chargeblast integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chargeblast data.

0· 112·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description indicate a Chargeblast integration and the SKILL.md consistently instructs the agent to use the Membrane CLI to discover and run Chargeblast actions. Network access and a Membrane account are reasonable requirements for this functionality.
Instruction Scope
Instructions are limited to installing the Membrane CLI, logging in, creating/using connectors, listing/running actions, and proxying API requests through Membrane. The doc does not request reading local files, unrelated env vars, or exfiltrating data outside the Membrane flow.
Install Mechanism
There is no registry-level install spec (this is instruction-only), but the SKILL.md asks users to run a global npm install of @membranehq/cli. That's a reasonable, common step for CLI-based integrations but it does modify the host environment and should be reviewed before running (verify package source/signature).
Credentials
The skill declares no required environment variables or credentials and relies on Membrane's browser-based login and server-side credential management — this is proportionate to a connector-based integration.
Persistence & Privilege
The skill is not marked always:true, has no install artifacts in the registry, and does not request elevated or system-wide privileges. It does not instruct modifying other skills or system settings.
Assessment
This skill is instruction-only and appears to do what it says: it asks you to install the official Membrane CLI and to log in with a Membrane account to manage Chargeblast connectors. Before installing or running commands: (1) verify the @membranehq/cli package and its source (npm page, GitHub repo) are legitimate; (2) avoid running global npm installs as root where possible; (3) be aware that 'membrane request' proxies arbitrary API paths to the remote service—only run requests you trust and avoid pasting secrets into freeform inputs; (4) confirm the repository/homepage links (getmembrane.com, the GitHub repo) match your expectations. There are no regex scan findings in the package to review, and the skill does not request unrelated credentials or filesystem access.

Like a lobster shell, security has layers — review code before you run it.

latestvk9797cb6svammbzw6z1gqs99md843wdd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments