ClawHub

Firmalyzer Iotvas Api

v1.0.2

Firmalyzer IoTVAS API integration. Manage Organizations. Use when the user wants to interact with Firmalyzer IoTVAS API data.

0· 123·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description are consistent with the runtime instructions: the SKILL.md explains using Membrane to manage Firmalyzer IoTVAS API connections and actions. Nothing requested (no env vars, no unrelated binaries) is out of scope for a connector integration.
Instruction Scope
Instructions only reference installing and using the Membrane CLI and its commands (login, connect, action list/run, request). They do not instruct reading unrelated files, scanning system state, or exfiltrating arbitrary local data. They do require network access and a Membrane account, which is reasonable for this integration.
Install Mechanism
There is no packaged install spec in the registry (instruction-only), but the SKILL.md instructs installing @membranehq/cli globally via npm. Using npm is common and acceptable, but installing global npm packages carries the usual supply-chain/trust considerations—verify the package namespace (@membranehq) and source before running, and avoid running npm install -g as root if you can.
Credentials
The skill declares no required environment variables or credentials and the documentation explicitly advises letting Membrane handle credentials via browser-based auth and server-side storage. This is proportionate to a connector-style integration.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is instruction-only (no code that would remain installed by the registry). It relies on user-installed CLI tooling instead of persisting code in the agent.
Assessment
This skill is instruction-only and appears coherent: it tells you to install and use the Membrane CLI to access Firmalyzer via a connector. Before installing/using it: 1) verify the @membranehq/cli package and its publisher (check the npm page and GitHub repo) to avoid installing a spoofed package; 2) prefer installing CLI tools without elevated privileges when possible; 3) understand that requests and authentication are proxied through Membrane—review Membrane's privacy/security docs and the Firmalyzer connector permissions so you know what data could be sent (firmware samples, device identifiers, etc.); 4) avoid pasting sensitive local secrets into commands; and 5) if you need higher assurance, inspect the Membrane CLI source or use Membrane-managed web console instead of a global npm install.

Like a lobster shell, security has layers — review code before you run it.

latestvk978xhh413g82hwkkcszw21mv184253a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments