ClawHub

Ortto

v1.0.2

Ortto integration. Manage Persons, Organizations, Deals, Leads, Projects, Pipelines and more. Use when the user wants to interact with Ortto data.

0· 69·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares an Ortto integration and all runtime instructions show how to use the Membrane CLI to connect to Ortto, list actions, run actions, and proxy requests — this is consistent with the stated purpose.
Instruction Scope
SKILL.md stays within the integration scope (login, connect, list/run actions, proxy requests). It explicitly allows proxying arbitrary Ortto API paths through Membrane, which is expected for a connector but means the agent (once authenticated) could issue any API calls supported by the connected account (including deletes or sending messages).
Install Mechanism
This is an instruction-only skill (no install spec). It asks the user to install @membranehq/cli via npm -g in documentation, which is a normal user action but not enforced by the platform; installing global npm packages has typical supply-chain considerations and users should verify the package source before installation.
Credentials
The skill declares no required environment variables or credentials; authentication is handled interactively via the Membrane CLI as described, which is proportionate to the task.
Persistence & Privilege
always is false, there are no code files or persistent installs in the skill itself, and it does not request to modify other skills or system-wide agent settings.
Assessment
This skill appears coherent, but before installing: (1) verify you trust the Membrane CLI package and the referenced GitHub repo (check publisher, release notes, and npm package maintainer), (2) prefer connecting a least-privilege Ortto account or test tenant because the Membrane proxy can run arbitrary API calls (including deletes and sending messages), (3) avoid running the agent with broad system privileges or in environments with sensitive secrets accessible to the CLI, and (4) monitor activity after first use and revoke the connection if you observe unexpected actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97052jc4n6mzns62fcqfj76gs8439j2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments