ClawHub

Finastra

v1.0.0

Finastra integration. Manage data, records, and automate workflows. Use when the user wants to interact with Finastra data.

0· 27·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Finastra integration) match the instructions: all actions are routed through the Membrane CLI/proxy. The requested steps (installing @membranehq/cli and creating a Membrane connection to Finastra) are reasonable and expected for this purpose.
Instruction Scope
Instructions stay within the stated purpose: installing the Membrane CLI, logging in, creating a connector, listing/running actions, or proxying requests to the Finastra API. Notably, all API calls are proxied through Membrane (so Finastra credentials and requests go through that third party). The SKILL.md does not instruct reading local secrets or unrelated system files.
Install Mechanism
There is no install spec in the registry (instruction-only skill), but the instructions require running npm install -g @membranehq/cli. Installing a public npm CLI is a moderate-risk action that requires trusting the package publisher and the npm registry; the package name appears to match the service referenced (Membrane).
Credentials
The skill declares no environment variables or local config access. It requires a Membrane account and network access, which are proportional to a cloud-proxy integration. The SKILL.md explicitly recommends not asking users for Finastra API keys and instead relying on Membrane to manage credentials.
Persistence & Privilege
always is false and the skill does not request persistent presence or system-wide configuration changes. It instructs the user to install a CLI and create connections, which are normal user actions and do not imply elevated platform privileges.
Assessment
This skill appears to do what it claims: it instructs the agent to use the Membrane CLI to access Finastra. Before installing or using it, verify you trust Membrane and the npm package owner (@membranehq). Recommended checks: confirm the package publisher and version on npm, review Membrane's privacy/security docs and the repository linked in the SKILL.md, and when possible test with a non-production or least-privileged Finastra/Membrane account. Avoid installing global npm packages on highly-sensitive systems without review. If you need stricter assurance, ask the skill author for a checksum/source tarball or request an enterprise-approved integration path directly from your security team.

Like a lobster shell, security has layers — review code before you run it.

latestvk97009kkg8dnvnqcmn7gns5k91847bck

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments