ClawHub

Flespi

v1.0.2

Flespi integration. Manage data, records, and automate workflows. Use when the user wants to interact with Flespi data.

0· 91·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Flespi integration) matches the instructions (using Membrane CLI to discover connectors, create connections, run actions, and proxy requests to Flespi). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md limits runtime actions to installing/using the Membrane CLI, logging in, creating connections, listing/running actions, and proxying requests. It does not instruct reading unrelated files or exfiltrating secrets and explicitly recommends not asking users for API keys.
Install Mechanism
There is no automatic install spec in the registry; the doc suggests a standard npm global install or using npx. This is a typical, low-risk instruction-only pattern.
Credentials
The skill requests no environment variables, config paths, or credentials in the registry metadata. It requires a Membrane account (documented) and network access, which are proportionate to the integration.
Persistence & Privilege
The skill is not marked always:true and is instruction-only with no code that would request persistent privileges or modify other skills. Autonomous invocation is allowed by default but does not combine with other red flags here.
Assessment
This skill is instruction-only and appears coherent, but consider these precautions before using it: 1) The skill relies on Membrane — only proceed if you trust getmembrane.com/@membranehq and review the connector’s permissions during the browser auth flow. 2) When installing the CLI, prefer npx or verify the npm package name and publisher (npm install -g @membranehq/cli) to avoid installing a malicious package. 3) Be aware that 'membrane request' proxies arbitrary API calls to Flespi under the authenticated connection; ensure the connection you create has only the scopes you intend. 4) Do not share your Membrane account credentials; follow standard account-security best practices. If you want deeper scrutiny, provide the Membrane CLI package repository/sha or the connector implementation code for review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dxvr69b3hdvxjzgxwpe2f158439k6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments