Ironclad
v1.0.2Ironclad integration. Manage data, records, and automate workflows. Use when the user wants to interact with Ironclad data.
⭐ 0· 98·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Ironclad integration) match the instructions: SKILL.md directs the agent to use the Membrane CLI to connect to Ironclad, discover actions, run actions, or proxy raw API requests. Nothing in the skill asks for unrelated cloud credentials or system-level access.
Instruction Scope
Instructions stay within the stated purpose (discover and run Ironclad actions via Membrane). They tell the user/agent to install and run the Membrane CLI and to authenticate via browser. Important note: requests and proxied API calls will pass contract/data through Membrane's service — this is expected for this integration but is a privacy/security consideration (sensitive contract data will flow to Membrane's servers).
Install Mechanism
No install spec embedded in the skill package, but SKILL.md instructs installing @membranehq/cli via npm (global). Installing an npm package from the public registry is a common approach but carries typical npm risks — verify package provenance, prefer pinned versions or npx for one-off runs if you distrust global installs.
Credentials
The skill declares no environment variables or credentials and instructs you to use Membrane to manage auth (so you do not supply Ironclad API keys directly). Requiring a Membrane account is proportional to the functionality. No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not install background services, and is instruction-only. The only persistent artifact would be the Membrane CLI and its local config created by performing 'membrane login' (normal and limited scope).
Assessment
This skill appears coherent: it uses the Membrane CLI as an intermediary to talk to Ironclad and does not ask for unrelated credentials. Before installing/using it, consider: 1) Membrane will proxy API calls and therefore will receive any contract or sensitive data you send—review Membrane's privacy/security and trust model. 2) Verify the npm package @membranehq/cli (publisher, package integrity) before a global install; consider using npx or a pinned version. 3) Perform authentication (membrane login) only in a trusted browser environment. 4) If you need strict data residency or audit requirements, confirm that using a third-party proxy (Membrane) is acceptable. If any of these concerns are unacceptable, do not install/use the skill until you can verify or replace the proxy with a mechanism meeting your policies.Like a lobster shell, security has layers — review code before you run it.
latestvk9737m7s26gn2gj34r2g41mp1d843mda
License
MIT-0
Free to use, modify, and redistribute. No attribution required.