Journeyfront
v1.0.2
Journeyfront integration. Manage data, records, and automate workflows. Use when the user wants to interact with Journeyfront data.
by Vlad Ursul (@gora050)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description (Journeyfront integration) matches the instructions (use Membrane to interact with Journeyfront). However the registry metadata lists no required binaries even though SKILL.md requires the 'membrane' CLI (installed via npm). The omission is an inconsistency that should be corrected but does not by itself indicate malicious intent.
Instruction Scope
SKILL.md stays on scope: it documents logging in via Membrane, creating connections, listing/running actions, and proxying requests to Journeyfront. It does not instruct reading unrelated files, environment variables, or system paths, nor does it ask the agent to exfiltrate data to unexpected endpoints. It explicitly advises against asking users for API keys.
Install Mechanism
There is no automated install spec in the registry (instruction-only). The instructions recommend installing @membranehq/cli globally via 'npm install -g', which is a common but higher‑privilege install action compared with no install. Users should confirm the npm package and publisher before installing; the skill itself does not auto-download code.
Credentials
The skill requests no environment variables or credentials in the metadata and explicitly instructs to rely on Membrane-managed connections rather than local secrets. This is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and has no install-time code or files in the package. It does not request persistent system privileges or modify other skills' configurations.
Assessment
This skill appears to do what it says: it uses the Membrane CLI as a proxy to talk to Journeyfront. Before installing or using it: 1) verify you trust Membrane (@membranehq on npm and https://getmembrane.com) because your requests and credentials will be handled by their service; 2) inspect the @membranehq/cli npm package (maintainer, version, and source) before running 'npm install -g'; 3) be aware that running 'membrane request' will send data through Membrane’s servers — avoid sending sensitive data unless you trust the provider; 4) note the minor inconsistency that the skill metadata does not declare the 'membrane' binary as required — ensure the CLI is installed and up-to-date before use. If you need higher assurance, review the Membrane CLI source (github.com/membranedev) and test in an isolated environment first.
Like a lobster shell, security has layers — review code before you run it.
