ClawHub

Pactsafe

v1.0.2

PactSafe integration. Manage data, records, and automate workflows. Use when the user wants to interact with PactSafe data.

0· 79·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description claim a PactSafe integration and the SKILL.md prescribes using Membrane (a third-party integration proxy) and its CLI to call PactSafe APIs — this aligns with the stated purpose. Repository and homepage references point to Membrane-related resources which matches the implementation approach.
Instruction Scope
The instructions are limited to installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to PactSafe. They do not instruct reading unrelated system files, harvesting environment variables, or sending data to unexpected endpoints. The doc explicitly warns against asking users for API keys and recommends using Membrane-managed connections.
Install Mechanism
The SKILL.md recommends a global npm install (@membranehq/cli). This is a normal and traceable registry install but carries the usual considerations of installing global npm packages (requires appropriate privileges, you may prefer npx). No archive downloads or obscure URLs are used.
Credentials
The skill declares no required environment variables or credentials. The instructions rely on Membrane to manage credentials server-side and instruct the user to authenticate via browser; this is proportionate to the described functionality.
Persistence & Privilege
The skill is instruction-only, does not request always:true, does not modify other skills' configs, and does not request persistent system privileges. Default autonomous invocation is unchanged (normal).
Assessment
This skill is an instructions-only adapter that expects you to use the Membrane CLI to connect to PactSafe. Before installing or running commands: (1) verify you trust the Membrane project and homepage/repository URLs; (2) prefer running with npx if you don't want a global npm install or lack admin rights; (3) when authenticating, review the OAuth consent and scopes shown in the browser; and (4) never paste API keys or secrets into chat—use the connection flow described so Membrane stores credentials. If you need higher assurance, review @membranehq/cli source code and the referenced repository before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0mh6c462y9qqy1gv2shw75842str

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments