ClawHub

Middesk

v1.0.2

Middesk integration. Manage Companies. Use when the user wants to interact with Middesk data.

0· 98·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say 'Middesk' integration and the SKILL.md instructs the agent to use the Membrane CLI to connect to Middesk, list/run actions, and proxy API requests — these requirements match the stated purpose.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, performing login flows, creating connections, listing actions, running actions, and proxying requests to Middesk. The instructions do not request reading unrelated files or environment variables or exfiltrating data to unexpected endpoints.
Install Mechanism
The skill is instruction-only (no automated install spec). It tells users to install @membranehq/cli via npm (global install or npx). npm is a standard registry, but global installs write to disk and run third‑party code, so users should prefer npx or verify the package origin if they want to avoid a persistent global install.
Credentials
The skill does not request environment variables or local credentials and explicitly recommends using Membrane to avoid collecting API keys. However, using this skill delegates authentication and API access to the Membrane service (getmembrane.com), so you must trust that third party with access to Middesk API calls and any returned data.
Persistence & Privilege
The skill does not request 'always' presence and has no install-time modifications to other skills or global agent settings. Agent autonomous invocation is enabled by default but is not combined with other concerning privileges.
Assessment
This skill appears to do what it says: it uses Membrane's CLI to access Middesk. Before installing, consider the following: - Trust: Membrane will broker authentication and proxy requests, so you must trust getmembrane.com with access to your Middesk data and any tokens it manages. Review Membrane's privacy/security docs. - Install method: Prefer running the CLI via npx (@membranehq/cli) to avoid a global npm install, or verify the npm package source if you choose to install globally. - Login flow: Authentication opens a browser or uses copy/paste codes in headless environments — do not paste those codes into untrusted contexts. - Principle of least privilege: Only create connections you intend to use, and review any Membrane-scoped permissions before authorizing. - Operational caution: The skill instructs running commands that will issue live API requests; avoid running commands that include sensitive data unless you understand where the output goes. If you need higher assurance, ask the publisher for a pinned package SHA or review the @membranehq/cli repository and privacy/security documentation before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9754hwsn5ak14ceyg2nwbmk5h842f40

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments