ClawHub

Emplifi

v1.0.2

emplifi integration. Manage data, records, and automate workflows. Use when the user wants to interact with emplifi data.

0· 87·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md consistently tells the agent to use the Membrane CLI to access Emplifi. No unrelated secrets, binaries, or config paths are requested.
Instruction Scope
Instructions direct the agent to run membrane CLI commands (action list/run, connection list, request proxy) and to perform browser-based OAuth flows. These are within the stated purpose, but the 'membrane request' proxy can forward arbitrary API paths to Emplifi, so the agent (or user following instructions) may send or retrieve any data accessible via the connection.
Install Mechanism
This is an instruction-only skill with no install spec, but it tells users to run `npm install -g @membranehq/cli` (and uses `npx` in examples). Installing a global npm package runs third-party code and is a trust decision; using `npx` or ephemeral installs reduces persistence risk.
Credentials
The skill requests no environment variables or credentials and explicitly instructs not to ask users for API keys; it relies on Membrane to manage auth. The requested access (a Membrane account and network) is proportional to the described functionality.
Persistence & Privilege
always is false and there are no install scripts or file writes in the skill itself. The skill does not request elevated or persistent platform privileges.
Assessment
This skill appears to do what it says, but it relies on the third-party Membrane CLI and your Membrane/Emplifi connector. Before installing or running commands: verify the @membranehq package publisher (review the npm/GitHub repo and homepage), prefer running commands with `npx` or in an isolated environment instead of a global `npm install -g`, confirm you trust the Membrane account and connector you authenticate, review which Emplifi scopes/permissions the connector requests, and avoid pasting unrelated secrets. If you need higher assurance, inspect the CLI source on the referenced GitHub repo and test in a disposable container or VM.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ezgk9qjs6mcg0d4m31rfj1n842fh9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments