ClawHub

New Sloth

v1.0.2

New Sloth integration. Manage Organizations. Use when the user wants to interact with New Sloth data.

0· 122·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (manage New Sloth data / organizations) matches the runtime instructions: all actions are performed via the Membrane CLI and its connector for New Sloth. Nothing in the skill asks for unrelated services or credentials.
Instruction Scope
SKILL.md confines runtime behavior to installing/using the Membrane CLI, performing connector search/connect/action-run/request proxy calls, and using Membrane's auth flows. It does not instruct reading arbitrary host files, system credentials, or sending data to third-party endpoints outside Membrane's proxy.
Install Mechanism
There is no automated install spec (skill is instruction-only). The doc recommends installing @membranehq/cli via npm (-g). This is expected for a CLI-based integration, but installing a global npm package should be done only after verifying the package/source and considering privilege impact on the machine.
Credentials
The skill declares no required environment variables or credentials and explicitly advises using Membrane's connection flow rather than asking for API keys. The requested access is proportional to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide configuration changes in its instructions, and does not attempt to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is coherent: it uses the Membrane CLI as a proxy to manage a New Sloth connector. Before installing or running commands, verify the @membranehq/cli package on npm (publisher, versions, and reviews), be aware that proxied API requests and their data will flow through Membrane (so review their privacy/security policies), and exercise caution when running global npm installs (they require elevated privileges on some systems). If you need stricter guarantees, ask for an explanation of what data will be proxied and whether sensitive fields will be redacted.

Like a lobster shell, security has layers — review code before you run it.

latestvk9771scy8frwb49fa4p8ys16x584396a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments