ClawHub

Crowdin

v1.0.0

Crowdin integration. Manage data, records, and automate workflows. Use when the user wants to interact with Crowdin data.

0· 48·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md describes connecting to Crowdin and managing Crowdin data via Membrane. Required capabilities (network, Membrane account, Membrane CLI) are appropriate for the stated purpose.
Instruction Scope
The instructions are narrowly scoped to installing and using the Membrane CLI to create connections, list actions, run actions, and proxy API requests to Crowdin. The doc does not instruct reading unrelated files, asking for arbitrary env vars, or exfiltrating data beyond the Crowdin integration flow.
Install Mechanism
This is an instruction-only skill (no install spec), but the README tells users to run `npm install -g @membranehq/cli` (or use npx). Installing a global npm package is a common but privileged action because it executes third-party code on the host; verify the package and prefer using npx or constrained installs if you cannot trust the package.
Credentials
The skill declares no required env vars or credentials. It explicitly delegates auth to Membrane (OAuth via browser flow), which is proportionate for a connector-based Crowdin integration. Note: this means you're delegating access to Crowdin credentials to the Membrane service.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time hooks in the manifest. It is instruction-only and will only act when invoked.
Assessment
This skill appears coherent and limited to Crowdin tasks, but before installing/using it: 1) Verify and trust the @membranehq/cli package (review its npm page, maintainers, and source) because installing global npm packages runs third-party code. Prefer using `npx` or a local install if you cannot audit the package. 2) Understand that auth is handled server-side by Membrane — review what permissions/scopes the Crowdin connector requests and ensure you are comfortable delegating access to Membrane's service. 3) Check your organization's policy on third-party SaaS connectors and OAuth flows. If any of these are unacceptable, do not install or connect; otherwise the skill's behavior matches its description.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c6a9zaw5qbekngw9zs5ky4s84czt5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments