ClawHub

Chatbotkit

v1.0.2

ChatBotKit integration. Manage data, records, and automate workflows. Use when the user wants to interact with ChatBotKit data.

0· 80·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to integrate with ChatBotKit and all runtime instructions use the Membrane CLI as a proxy to ChatBotKit APIs. Not asking for unrelated credentials or system access is appropriate because Membrane is presented as handling auth server-side.
Instruction Scope
SKILL.md instructs the agent/user to install and run the Membrane CLI (npm install -g @membranehq/cli) and to perform membrane login and membrane action/request commands. These instructions stay within the stated integration purpose and do not request unrelated files or environment variables, but they do require network access and browser-based auth and give the CLI broad ability to proxy requests to ChatBotKit.
Install Mechanism
There is no bundler-provided install spec (the skill is instruction-only). The README tells the user to install an external npm package globally. That is a reasonable approach for a CLI-based integration, but global npm installs and executing a third-party CLI carry typical supply-chain risk — verify the @membranehq/cli package and vendor before installing.
Credentials
The skill declares no required environment variables or credentials. It relies on Membrane to manage authentication, which matches the guidance in SKILL.md. No disproportionate secrets or unrelated credentials are requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system changes. The skill's runtime behavior is limited to prompting use of the Membrane CLI and network access via that CLI.
Assessment
This skill is instruction-only and coherent for integrating with ChatBotKit via the Membrane proxy, but before using it: (1) verify the vendor (getmembrane.com) and the npm package @membranehq/cli on npmjs and GitHub to ensure they are legitimate, (2) prefer installing the CLI in an isolated environment or using a local (non-global) install to reduce risk from third-party binaries, (3) be aware the CLI will open a browser for authentication and that Membrane will hold connection credentials server-side — only create connections to services you trust, (4) review any actions/requests the skill runs (they can proxy arbitrary API calls via Membrane), and (5) avoid entering unrelated secrets into your environment when following these instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e98cfjx2qq089wpzne4tkah8428r1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments