ClawHub

Copernica

v1.0.2

Copernica integration. Manage data, records, and automate workflows. Use when the user wants to interact with Copernica data.

0· 84·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: all operations are about interacting with Copernica via the Membrane CLI and proxy. Required capabilities (network access, Membrane account) are appropriate for the stated purpose.
Instruction Scope
SKILL.md only instructs installing/using the Membrane CLI, creating a connection, listing actions, running actions, or proxying requests to the Copernica API. It does not ask the agent to read unrelated files or environment variables or to send data to unexpected endpoints.
Install Mechanism
The skill is instruction-only (no install spec in registry), but instructs the user to run `npm install -g @membranehq/cli`. This is a reasonable approach for a CLI-backed integration, but installing a global npm package is a moderate-risk action — verify the package (author, npm page, GitHub repository, and package signing) before installing and be aware it will add a binary to your system PATH.
Credentials
The skill requests no environment variables or secrets. It explicitly directs using Membrane-managed connections instead of asking for Copernica API keys locally, which is proportionate and reduces local secret handling.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or request persistent system configuration. Autonomous invocation remains allowed by default, but that is expected and not combined with other red flags here.
Scan Findings in Context
[no_regex_findings] expected: This is an instruction-only skill with no code files, so the regex-based scanner had no code to analyze. That absence of findings is expected and not evidence of safety.
Assessment
This skill appears coherent: it uses the Membrane CLI to connect to Copernica and avoids asking for raw API keys. Before installing, verify the @membranehq/cli package and its GitHub/npm pages (author, downloads, recent activity, issues). Be aware installing a global npm package modifies your PATH. Also recognize you are trusting Membrane's service to handle authentication and proxy requests to Copernica — review Membrane's privacy/security documentation and the connection details produced by the CLI before running actions that access or modify customer data.

Like a lobster shell, security has layers — review code before you run it.

latestvk970bt3gxs9a63d8rrpxhbgygd843216

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments