Hostaway

v1.0.0

Hostaway integration. Manage data, records, and automate workflows. Use when the user wants to interact with Hostaway data.

⭐ 0· 28·0 current·0 all-time

byVlad Ursul@gora050

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

CryptoCan make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name, description, and runtime instructions all describe interacting with Hostaway via the Membrane CLI/proxy. One minor inconsistency: the registry metadata lists no required binaries, but the runtime instructions explicitly require installing and using the 'membrane' CLI.

✓

Instruction Scope

SKILL.md stays on-topic: it instructs installing Membrane CLI, logging in, creating connections, listing/running actions, and proxying requests to Hostaway. It does not instruct reading arbitrary system files or prompting for unrelated credentials. It explicitly recommends not asking users for API keys.

ℹ

Install Mechanism

The instructions tell the user to install @membranehq/cli via npm (global install) or use npx. Installing code from the public npm registry is a reasonable delivery for a CLI but carries the usual supply-chain risk (you run third-party code). The skill itself has no formal install spec in the manifest, so the install step is purely in documentation.

✓

Credentials

The skill declares no required environment variables or credentials and delegates auth to Membrane. Requesting a Membrane account and network access is proportionate to the stated purpose. Note: using Membrane means trusting an external service with Hostaway data.

✓

Persistence & Privilege

Skill is not marked always:true and is user-invocable; model invocation is allowed (platform default). The SKILL.md does not ask to modify other skills or system-wide settings.

Assessment

This skill appears coherent for interacting with Hostaway via Membrane, but you should: (1) verify you trust Membrane (data will be proxied through their service) and review their privacy/security docs; (2) inspect the @membranehq/cli package/repository and prefer running it via npx or inside a container/VM rather than doing an unrestricted global install; (3) be cautious about pasting any unrelated secrets into commands or prompts; and (4) note the minor manifest mismatch that doesn't list the 'membrane' CLI as a required binary even though the instructions rely on it — confirm the environment where you run this skill can safely install/run the CLI.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bep4kzzptv97qfhtgnx54bx848h6x

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Hostaway

License

Comments