ClawHub

Lettria

v1.0.0

Lettria integration. Manage data, records, and automate workflows. Use when the user wants to interact with Lettria data.

0· 87·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description describe interacting with Lettria data; SKILL.md consistently instructs using Membrane as a proxy/connector to access Lettria. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
Instructions focus on installing and using the Membrane CLI, creating a connector, listing actions, running actions, and proxying requests to Lettria. They do not instruct reading arbitrary system files or exfiltrating data. Note: the skill tells the user/agent to run commands that perform browser-based auth (membrane login) and to install packages — these actions have side effects (network, local config changes) that are expected but should be acknowledged before running.
Install Mechanism
There is no platform install spec in the package; instead the README instructs the user to run 'npm install -g @membranehq/cli'. Installing a global npm package is a common but privileged local change; the package comes from the public npm namespace @membranehq (traceable). This is moderate risk in general (trust the npm package and review it if unsure).
Credentials
The skill declares no required environment variables or credentials and explicitly instructs to let Membrane manage auth. That aligns with the described proxy approach and does not ask for unrelated secrets.
Persistence & Privilege
The skill is instruction-only, has no install-time persistence, and does not request always:true or other elevated platform privileges. It relies on the user's Membrane login/session, which is expected for this integration.
Assessment
This skill is coherent: it uses the Membrane CLI to access Lettria and does not request unrelated secrets. Before installing or running it, verify you trust the @membranehq npm package and the Membrane service because authentication is done through Membrane (browser-based login) and will grant Membrane access to the connected Lettria account. If you have security concerns: (1) inspect the @membranehq/cli package contents or its GitHub repo, (2) prefer installing in a controlled environment (container or VM) first, (3) avoid pasting API keys into chat — use the connector flow as recommended, and (4) confirm the connector IDs and actions you run before executing commands that modify data.

Like a lobster shell, security has layers — review code before you run it.

latestvk979c94n4j0vmem55jj1j0rcm584h1qf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments