ClawHub

Herobot Chatbot Marketing

v1.0.2

HeroBot Chatbot Marketing integration. Manage Organizations. Use when the user wants to interact with HeroBot Chatbot Marketing data.

0· 75·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to integrate with HeroBot via the Membrane platform, and all runtime instructions use the Membrane CLI — this is coherent with the stated purpose. However, the skill metadata declares no required binaries or credentials even though the SKILL.md instructs installing and using the 'membrane' CLI (and a browser for login), so the manifest is incomplete.
Instruction Scope
The SKILL.md stays within scope: it only instructs installing and using the Membrane CLI, creating connections, listing actions, running actions, and optionally proxying requests to the HeroBot API. It does not instruct reading unrelated files or environment variables.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the docs tell the user to run 'npm install -g @membranehq/cli'. Installing a global npm package is expected for this integration, but the absent install declaration and the need to run a third-party CLI should be noted and verified (check package ownership and repository).
Credentials
The skill does not request any environment variables or credentials in the manifest; it relies on Membrane to manage auth. This is proportionate to the described functionality, but it does place trust in Membrane's server-side credential handling and the local CLI's storage of tokens.
Persistence & Privilege
The skill is instruction-only with no install script and 'always' is false. It does not request elevated or permanent platform privileges in the manifest.
Assessment
This skill appears to do what it claims: use Membrane's CLI as a proxy to call HeroBot APIs. Before installing, verify the @membranehq/cli package and its repository (ensure it's the official package), and confirm you trust Membrane to manage credentials and proxy requests. Note the registry metadata does not declare the 'membrane' CLI or npm as required binaries even though the instructions ask you to install them — that mismatch is harmless but worth being aware of. When running in shared or hosted environments, be cautious about completing interactive logins and about what data you send through Membrane's proxy (it will see proxied request contents). If you need higher assurance, inspect the CLI repository and license, and prefer running the CLI on a machine you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dhspgjj07w1s8z4we5rp74184392v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments