ClawHub

Ibanfirst

v1.0.2

IBanFirst integration. Manage data, records, and automate workflows. Use when the user wants to interact with IBanFirst data.

0· 88·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (IBanFirst integration) matches the runtime instructions (use Membrane to connect, run actions, or proxy requests). Minor inconsistency: the manifest declares no required binaries, but the SKILL.md clearly requires the Membrane CLI (npm package) to be installed and used.
Instruction Scope
SKILL.md stays within scope: it instructs installing/using the Membrane CLI, creating connections, listing actions, running actions, and proxying API calls. It does not instruct reading unrelated files or exporting secrets; it explicitly tells the user not to ask for API keys and to let Membrane manage credentials.
Install Mechanism
There is no manifest install spec (instruction-only), but SKILL.md tells the user to install @membranehq/cli via npm (global install) or use npx. This is a moderate-risk action because it directs installing a third-party CLI; the package is on npm and the instructions use standard tooling rather than arbitrary downloads, which is proportionate for the stated purpose.
Credentials
The skill does not request environment variables, credentials, or config paths in the manifest. Runtime behavior relies on Membrane's browser-based login flow, which is appropriate for delegating IBanFirst credentials to Membrane rather than asking the user for API keys locally.
Persistence & Privilege
No special persistence is requested (always:false). The skill is not installing persistent agents or modifying other skills; it's instruction-only and relies on user-installed CLI tooling.
Assessment
This skill appears to do what it says: it uses the Membrane platform to talk to IBanFirst. Before installing or running anything: 1) Verify you trust Membrane (check the npm package @membranehq/cli, the homepage and the GitHub repo) because Membrane will proxy and hold your IBanFirst credentials. 2) When authenticating, review the OAuth/permission scopes presented in the browser. 3) Prefer using npx or an audit of the npm package instead of a global npm install if you want to avoid system-wide installs. 4) Note the minor manifest mismatch: the skill requires the Membrane CLI even though 'required binaries' is empty—expect to install or run the CLI. 5) If you need stronger isolation, consider a dedicated Membrane account with limited access or test on a non-production IBanFirst account first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9749ge402dcsery5trepzmyp18425j2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments