ClawHub

Easypost

v1.0.2

EasyPost integration. Manage Shipments, Addresses, CarrierAccounts, Batchs, Reports, Refunds and more. Use when the user wants to interact with EasyPost data.

0· 81·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is an EasyPost integration and all instructions revolve around using the Membrane CLI to connect to and proxy requests to EasyPost. Required capabilities (network access, Membrane account, Membrane CLI) are coherent with the described functionality.
Instruction Scope
SKILL.md limits runtime actions to installing/using the Membrane CLI, creating/listing connections, running actions, and proxying requests to EasyPost. It does not instruct reading unrelated files, asking for arbitrary secrets, or sending data to unexpected endpoints.
Install Mechanism
There is no formal install spec in the registry, but the instructions tell users to run `npm install -g @membranehq/cli`. Installing a global npm package executes code from the npm registry (moderate risk), but this is expected for a CLI-driven integration. Verify you trust the @membranehq/cli package and prefer using vetted package managers or pinned versions where possible.
Credentials
The skill does not request environment variables or credentials. It explicitly recommends letting Membrane manage credentials server-side rather than asking users for API keys, which aligns with the integration model.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-level changes. It does not modify other skills' configs or request elevated platform privileges.
Assessment
This skill is coherent: it uses the Membrane CLI to interact with EasyPost and doesn't ask for unrelated secrets. Before installing, ensure you trust the @membranehq/cli npm package (global npm installs execute code), have a Membrane account, and are comfortable completing the browser-based authentication flow (or the headless URL/code flow). If you prefer not to install global npm packages, run the CLI in a container or use a pinned, reviewed installation method.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ayrrtmnyajvat011v5bv9vh8427wg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments