ClawHub

Getemails

v1.0.2

GetEmails integration. Manage Emails, Contacts, Labels. Use when the user wants to interact with GetEmails data.

0· 66·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the runtime instructions: the SKILL.md explains how to use the Membrane CLI to interact with GetEmails (actions, connections, proxy requests). Required capabilities (network, a Membrane account) are appropriate for the stated purpose.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, creating a connection via browser-based auth, listing actions, running actions, and proxying requests. The skill does not instruct reading unrelated files, harvesting arbitrary environment variables, or sending data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec), but the SKILL.md tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a common way to get the required CLI, but it does modify the system and relies on the npm registry/package authenticity. The install is traceable to a named npm package and an apparent GitHub repo, so risk is moderate but expected for this use case.
Credentials
The skill declares no required environment variables or credentials and explicitly instructs not to ask users for API keys (Membrane handles auth). Requiring a Membrane account and network access is proportionate to proxying calls to GetEmails.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide agent settings. It is user-invocable and can be invoked autonomously (platform default), which is expected for a plugin of this type.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to access GetEmails. Before installing/using it: 1) Verify the @membranehq/cli npm package and the Membrane project (GitHub repo and npm publisher) to reduce supply-chain risk; consider installing the CLI in a controlled environment (non-root user, node version manager, or container) if you’re concerned about global npm installs. 2) Be aware that Membrane will mediate authentication and hold tokens server-side — review Membrane’s privacy/security documentation before connecting sensitive accounts. 3) If you need higher assurance, test the workflow in an isolated environment and confirm the actions and API calls made via `membrane request` before running them on production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk979a44227mx51pr1nmpwmjk4n842y0j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments