ClawHub

Customer Fields

v1.0.2

Customer Fields integration. Manage Organizations, Leads, Pipelines, Users, Goals, Filters. Use when the user wants to interact with Customer Fields data.

0· 101·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Customer Fields integration) align with the instructions: all commands and flows target Membrane CLI and Customer Fields (Shopify). No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, creating/listing connections, running actions, and proxying requests. They require network access and browser-based login; the only potential scope concern is that requests and credentials are handled by the remote Membrane service, so data and auth are relayed to that third party (which is expected for this integration).
Install Mechanism
There is no registry install spec; the SKILL.md tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is normal for a CLI but does fetch and run third‑party code from the npm registry—this is expected but worth noticing.
Credentials
The skill declares no required environment variables or credential artifacts and instead uses Membrane for auth. This is proportionate to the stated purpose. The main trust requirement is toward the Membrane service which will store/handle auth tokens.
Persistence & Privilege
always:false and no install-time changes are declared. The skill does not request persistent presence or modify other skills/configuration. It relies on user-run CLI commands and browser authentication.
Assessment
This skill is coherent: it expects you to install and use the Membrane CLI and to authenticate to Membrane in a browser so Membrane can proxy requests to Customer Fields. Before installing/use: (1) confirm you trust getmembrane.com and the @membranehq/cli npm package (review their docs, security/privacy pages, and the npm package listing), (2) be aware that data and auth are handled by Membrane (tokens stored server-side by them), and (3) do not paste unrelated secrets into CLI commands. If you run the CLI in automated/headless environments, follow the documented headless login flow and verify any URLs/codes before using them.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bbysv5apydf4nrnbj9yab6x842bf6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments