ClawHub

Cometly

v1.0.2

Cometly integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cometly data.

0· 94·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Cometly integration) matches the instructions: all actions are mediated via the Membrane CLI to interact with Cometly. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, creating connections, listing actions, running actions, and using a proxy to call the Cometly API. It does not instruct reading arbitrary files, exfiltrating system data, or accessing credentials outside the expected OAuth/browser flow.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli`. Global npm installs modify the host environment; this is expected for a CLI-based workflow but is a user-side action you should consciously approve (verify publisher, prefer non-global install or containerized use if concerned).
Credentials
The skill declares no required env vars or secrets. Authentication is handled via the Membrane login browser flow. No unrelated credentials (AWS, GitHub tokens, etc.) are requested.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide configs. It relies on the Membrane service for auth/session management; there is no persistent privilege requested by the skill itself.
Assessment
This skill is internally consistent: it expects you to install and use the Membrane CLI and to authenticate via the browser-based Membrane login. Before installing, verify the @membranehq/cli package and the Membrane project (homepage and GitHub repo) to ensure you trust the publisher. If you prefer less host impact, consider running the CLI in a container or VM rather than installing globally. Be aware that once connected, the CLI can proxy arbitrary API requests to Cometly on your behalf (so only connect accounts you intend to expose to Membrane) and never paste sensitive tokens to unknown prompts. No scan findings were present in the provided package (instruction-only).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a2ydk3hh4kayfsn3h0v4pzd843a0e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments