ClawHub

Onfleet

v1.0.2

Onfleet integration. Manage Organizations. Use when the user wants to interact with Onfleet data.

0· 116·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Onfleet integration) matches the instructions: using the Membrane CLI to connect to Onfleet, discover actions, run actions, or proxy raw API requests. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md instructs running the Membrane CLI, logging in via browser (or headless flow), creating connections, listing actions, running actions, and using a proxy to call the Onfleet API. It does not instruct reading local files, accessing unrelated environment variables, or exfiltrating data to unexpected endpoints.
Install Mechanism
There is no automated install spec in the skill (instruction-only). The doc recommends installing @membranehq/cli globally via npm or using npx; this is expected for a CLI-based integration but means you will fetch and run third-party code from npm. Verify the CLI package and repository before installing.
Credentials
The skill requires network access and a Membrane account but declares no environment variables or local secrets. This is proportionate to the stated purpose; however, it centralizes Onfleet credentials with Membrane (server-side), so you must trust Membrane with your Onfleet access.
Persistence & Privilege
always is false and the skill is user-invocable. There is no install-time code in the skill itself and it does not request persistent agent-wide privileges or modify other skills' configurations.
Assessment
This skill appears coherent, but before installing or using it: (1) verify the @membranehq/cli package and GitHub repository (check npm page, maintainer, and repo history) rather than blindly running a global npm install; (2) prefer using npx or a local install to avoid global package changes; (3) understand that Onfleet credentials will be handled by Membrane — review Membrane’s privacy/security docs and the OAuth scopes Onfleet requests during connection; (4) avoid pasting sensitive keys into chat or commands; (5) if you need tighter control, create a least-privilege Onfleet account for the integration and/or use an organization-managed Membrane account; and (6) if you are uncomfortable with a third-party proxying API calls, consider integrating directly with Onfleet using your own tooling.

Like a lobster shell, security has layers — review code before you run it.

latestvk970am2c5efvj38ge82qz3c6z5843f14

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments