ClawHub

Heysummit

v1.0.2

HeySummit integration. Manage Summits. Use when the user wants to interact with HeySummit data.

0· 92·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim HeySummit integration and the SKILL.md consistently instructs the agent to use the Membrane CLI to connect to HeySummit. The required Membrane account and network access align with that purpose; there are no unrelated credential or binary requirements.
Instruction Scope
All runtime instructions are limited to installing/using the Membrane CLI, logging in, creating/checking connections, running pre-built actions, or proxying requests to HeySummit through Membrane. The instructions do not ask the agent to read arbitrary local files, harvest unrelated environment variables, or transmit data to unexpected endpoints.
Install Mechanism
The skill is instruction-only (no install spec). SKILL.md tells users to run `npm install -g @membranehq/cli` — a public npm package. This is a reasonable and expected install path for a CLI, but installing global npm packages runs third-party code from the public registry and carries the usual supply-chain risks; the instruction is not executed automatically by the registry, it's a manual/agent action.
Credentials
No environment variables, primary credentials, or config paths are requested. The SKILL.md explicitly advises not to ask users for HeySummit API keys and relies on Membrane to manage auth, which is proportionate to the stated integration purpose. It does require a Membrane account (declared).
Persistence & Privilege
Skill metadata does not request always:true or any special system persistence. Model invocation is enabled (default), which is normal — there is no additional privilege escalation or cross-skill config modification requested.
Assessment
This skill appears coherent: it uses the Membrane CLI to proxy HeySummit API calls rather than asking for API keys. Before installing or running it, consider: 1) confirm you trust the @membranehq/cli npm package (review its npm page or source) because installing global npm packages executes third-party code; 2) the CLI will open a browser-based auth flow (or emit a URL for headless environments) — ensure you perform that flow only for trusted accounts; 3) the agent may run membrane CLI commands if invoked, so avoid running on devices with sensitive local data unless you trust the Membrane tenant and CLI; and 4) if you want to restrict autonomous behavior, you can disable model invocation for skills in your agent settings (the skill itself does not request special privileges).

Like a lobster shell, security has layers — review code before you run it.

latestvk978bd0t3r4xr444pycvhwmme5842rk9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments