ClawHub

Cincopa

v1.0.2

Cincopa integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cincopa data.

0· 95·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md exclusively documents using Membrane to connect to Cincopa and run actions. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
Instructions are scoped to installing/using the Membrane CLI, creating a connection, listing actions, running actions, and proxying requests to the Cincopa API. They do not instruct reading unrelated files, accessing other credentials, or exfiltrating data.
Install Mechanism
No formal install spec in the registry, but the SKILL.md instructs users to run `npm install -g @membranehq/cli` (public npm package). Installing a global npm CLI is a common pattern but carries moderate supply-chain/trust risk; the package and its publisher should be verified before installing.
Credentials
The skill requests no environment variables or secrets. It explicitly tells users not to provide API keys and to let Membrane handle auth, which is proportionate — but it requires trusting Membrane to hold and refresh credentials on the user's behalf.
Persistence & Privilege
The skill does not request persistent/always-on privileges and does not modify other skills or system-wide agent settings. The only persistent action implied is installing the Membrane CLI if the user chooses to do so.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to proxy requests to Cincopa. Before installing/using it, verify the @membranehq/cli package and publisher on npm and GitHub, confirm the Membrane service (getmembrane.com) is trustworthy and its privacy/security policies meet your needs, and be aware that creating a connection will grant Membrane access to your Cincopa account (use least-privilege credentials or a test account if possible). Installing a global npm package runs code on your machine — inspect the package or prefer non-global installs if you are cautious. If you need stronger assurance, ask the publisher for signed releases or audit logs showing what the connection will allow Membrane to do.

Like a lobster shell, security has layers — review code before you run it.

latestvk978sxay4txhaz87385nn0830s843pxr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments