Civicrm
v1.0.2CiviCRM integration. Manage data, records, and automate workflows. Use when the user wants to interact with CiviCRM data.
⭐ 0· 107·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description claim CiviCRM integration and the SKILL.md exclusively instructs use of the Membrane CLI to connect, list actions, and run CiviCRM operations — this is proportionate to the stated purpose.
Instruction Scope
Instructions are narrowly scoped to installing and using the @membranehq/cli to connect to CiviCRM and run actions (including create/update/delete). The SKILL.md does not request unrelated files or environment variables, but it does route API calls and request payloads through Membrane's service — users should be aware that CiviCRM data will transit Membrane's infrastructure.
Install Mechanism
The install guidance is an npm global install of @membranehq/cli (public npm package). This is expected for a CLI-based integration but is a moderate-risk install vector compared to instruction-only skills because it writes software to the host (useful to verify package publisher and integrity).
Credentials
No environment variables or unrelated credentials are requested. Authentication is performed via Membrane's login flow (browser/OAuth style). The credential scope described matches the integration model.
Persistence & Privilege
The skill does not request always:true or system config changes. It is user-invocable and allows normal agent invocation; note that the agent can perform destructive operations (delete/update) via the CLI if allowed, so consider who/what can invoke the skill.
Assessment
This skill appears internally consistent, but before installing: 1) confirm you trust Membrane (getmembrane.com and the @membranehq npm package) because CiviCRM API requests and data will be proxied through their service; 2) understand the Membrane login flow grants access to your CiviCRM connection (browser OAuth) and that actions include create/update/delete — limit who/what can invoke the skill; 3) verify the npm package publisher and consider installing the CLI in a container or isolated environment rather than globally if you want lower risk; 4) back up your CiviCRM data and review permission scopes for the connector; and 5) if you need stronger guarantees about data handling, request additional documentation (privacy/security practices) from the skill/provider before granting access.Like a lobster shell, security has layers — review code before you run it.
latestvk97bt674ennr82qwykv36k7nm984371p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.