ClawHub

Contractbook

v1.0.2

Contractbook integration. Manage data, records, and automate workflows. Use when the user wants to interact with Contractbook data.

0· 66·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Contractbook integration) matches the instructions, which use the Membrane CLI to connect to Contractbook, run actions, and proxy API requests. It does not request unrelated credentials or system access.
Instruction Scope
SKILL.md confines runtime behavior to installing/using the Membrane CLI, performing login via browser, creating connections, listing/triggering actions, and proxying Contractbook API calls. It does not instruct reading local files or unrelated environment variables.
Install Mechanism
No install spec in the manifest (instruction-only). The doc recommends installing @membranehq/cli via npm -g (public registry). This is a common approach but installing global npm packages modifies the host environment and pulls code from the npm registry (moderate trust required).
Credentials
The skill declares no required environment variables and delegates authentication to Membrane (browser OAuth flow). It does not ask for unrelated secrets or multiple external credentials.
Persistence & Privilege
always:false and no install-time modifications to other skills or system-wide agent settings are requested. The skill does not request permanent elevated presence.
Assessment
This skill is instruction-only and uses the Membrane CLI to talk to Contractbook, which is coherent with its stated purpose. Before installing/using it: (1) verify you trust the @membranehq/cli package and its GitHub/npm pages (global npm installs run code on your machine); (2) be aware auth is handled via a browser login—Membrane will store and refresh tokens on your behalf, so ensure that fits your security policies; (3) review Membrane's proxy usage if you have concerns about routing API requests through a third party; (4) in corporate environments, check with IT about installing global npm packages or using third-party agent tools.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ceptgdwd6rvv3drgem5cc7n84223m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments