ClawHub

Clay

v1.0.2

Clay integration. Manage data, records, and automate workflows. Use when the user wants to interact with Clay data.

0· 83·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Clay integration) aligns with the instructions: all runtime steps use the Membrane CLI to discover connectors, create a connection, run actions, or proxy requests to the Clay API. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md is instruction-only and tells the agent to install and run the Membrane CLI, perform an OAuth-style browser login, enumerate actions, run actions, and proxy API requests via Membrane. The instructions do not ask the agent to read unrelated local files or exfiltrate secrets, but they do direct traffic through Membrane's servers and rely on the user/browser login flow.
Install Mechanism
There is no install spec in the skill bundle, but the README advises installing a global npm package (@membranehq/cli). This is an expected mechanism for a CLI-based integration. Installing global npm packages requires network access and elevated npm permissions; users should verify the package and repository before installing.
Credentials
The skill declares no required environment variables or credentials. Authentication is delegated to Membrane (browser login/connection). This is proportionate for a connector integration, though it does mean you are delegating Clay credential management to the Membrane service.
Persistence & Privilege
always:false (default) and the skill is user-invocable. Autonomous invocation is allowed by platform default but the skill itself does not request elevated persistence or attempt to modify other skills/config. The main risk is normal for any third-party connector: if invoked autonomously it could perform Clay operations via the confirmed Membrane connection.
Assessment
This skill appears to do what it says (it uses Membrane to talk to Clay). Before installing or running it: 1) Verify the @membranehq/cli npm package and the referenced GitHub repo (ensure package publisher, checksum, and repo look legitimate). 2) Understand that authentication and API calls are proxied through Membrane (getmembrane.com) — you must trust that service with access to your Clay data and tokens. 3) During the connect/login flow, inspect the scopes/permissions requested and prefer least-privileged accounts. 4) Installing the CLI globally (-g) requires permissions; consider installing locally or reviewing package contents first. 5) If you need stronger assurance, test with a throwaway Clay account or limited-permission connector before connecting production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk974ydz2abtx8b5hft2p44nf4x8429m5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments