ClawHub

Here

v1.0.2

HERE integration. Manage data, records, and automate workflows. Use when the user wants to interact with HERE data.

0· 97·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (HERE integration) matches the instructions: all actions are performed through the Membrane CLI and its proxy to HERE. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md directs the user to install/run the Membrane CLI, login via browser, create/connect a HERE connector, list actions, run actions, or proxy raw requests. It does not instruct reading unrelated files or exfiltrating environment variables. It explicitly advises against asking users for API keys.
Install Mechanism
There is no registry install spec, but the guide recommends installing @membranehq/cli via `npm install -g` (and uses `npx` in examples). Installing a global npm package is a reasonable, common choice for CLI tooling but does carry normal supply-chain/trust risks; the skill itself does not bundle or download arbitrary archives.
Credentials
The skill declares no required env vars or credentials and relies on Membrane's hosted auth. That is proportionate to a connector-style integration. No unrelated secrets are requested.
Persistence & Privilege
The skill is instruction-only, not always-enabled, and doesn't request persistent system privileges or modify other skills. It relies on the external Membrane service for auth and proxying.
Assessment
This skill appears coherent and does what it claims, but before installing or using it consider: 1) You must install and trust the third-party Membrane CLI (@membranehq/cli). Verify the package source (npm package page, GitHub repo at the referenced URL) and review its code or release provenance if you care about supply-chain risk. 2) Membrane acts as a proxy and will see requests/responses and manage credentials server-side — do not send sensitive secrets or PII through it unless you trust their service and privacy policy. 3) Prefer running the CLI via `npx` or in an isolated environment/container rather than `npm install -g` if you want to limit global changes. 4) Confirm the tenancy/auth flow (browser-based login) fits your environment (headless vs GUI). If you are comfortable trusting Membrane/getmembrane.com and installing the CLI, the skill is proportionate to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk971q1ba9vqc2yzbdgdz3rsyk18425wp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments