ClawHub

Groundhogg

v1.0.2

GroundHogg integration. Manage Persons, Organizations, Deals, Pipelines, Users, Roles and more. Use when the user wants to interact with GroundHogg data.

0· 87·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (GroundHogg integration) align with the instructions: all runtime actions are performed via the Membrane CLI and Membrane's proxy to GroundHogg. The requirement for a Membrane account and network access is appropriate for this integration.
Instruction Scope
SKILL.md only directs the agent to install and run the Membrane CLI, create/list connections, list/run actions, and optionally proxy API calls. It does not instruct reading unrelated local files, harvesting environment variables, or sending data to unexpected endpoints. Auth is delegated to Membrane rather than asking for local secrets.
Install Mechanism
This is an instruction-only skill (no automatic install). It tells users to run `npm install -g @membranehq/cli`. That is a common approach but does involve installing a third-party global npm package — verify the package and publisher before installing, especially on sensitive systems.
Credentials
The skill declares no required environment variables or local credentials. It relies on Membrane to manage authentication server-side, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request privileged system persistence or modify other skills' configurations. Autonomous invocation is allowed (platform default) but there are no additional privilege escalations requested by the skill.
Assessment
This skill is coherent: it uses the Membrane CLI to talk to GroundHogg and asks for no unrelated secrets. Before using it, verify the @membranehq/cli package on npm and the Membrane service (homepage/repo) so you trust the publisher; avoid installing global npm packages on sensitive machines without review. Remember Membrane will hold and use credentials server-side — only proceed if you trust that third party. If you want tighter control, disable autonomous skill invocation or only run the skill when explicitly invoked.

Like a lobster shell, security has layers — review code before you run it.

latestvk9715f4pzn1n7z3dymtmvw6hbx842w3g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments