ClawHub

Pandle

v1.0.2

Pandle integration. Manage data, records, and automate workflows. Use when the user wants to interact with Pandle data.

0· 86·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The README and instructions describe using Membrane as a proxy to interact with Pandle; requiring network access and the Membrane CLI matches the stated goal of integrating with Pandle. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
The SKILL.md directs the agent to install and run the @membranehq/cli, log in via browser, create connections, run actions, and optionally proxy raw API requests through Membrane. These actions stay within the advertised Pandle-integration scope, but they grant Membrane (the external service) the ability to act on the user's behalf and proxy arbitrary Pandle API calls—so the user must trust Membrane.
Install Mechanism
There is no automated install spec—installation is a manual npm global or npx instruction. Installing an npm package globally can run install-time scripts and requires trust in the package and publisher; the instructions reference a public npm package (@membranehq/cli), which is a reasonable mechanism but should be verified by the user before installing.
Credentials
No environment variables, credentials, or config paths are requested by the skill. Authentication is delegated to Membrane, so no local API keys are asked for. This is proportionate, but it centralizes trust in the Membrane service for credential handling.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare persistent system-level privileges. It is an instruction-only skill that will only run when invoked by the agent or the user per normal platform behavior.
Assessment
This skill is coherent and implements Pandle access via the Membrane CLI. Before installing or using it: 1) Verify the npm package @membranehq/cli on the npm registry and inspect its repository/release history; 2) Prefer using npx for one-off runs if you don't want a global install; 3) Understand that Membrane will manage and store the connection credentials server-side—only proceed if you trust getmembrane.com and the Membrane service to act on your behalf; 4) When authenticating, follow the browser-based flow and verify redirect URLs and prompts; 5) Review what actions and API endpoints you will allow the connector to access (avoid granting unnecessary scopes); and 6) If you need a higher assurance, ask for the package source and a reproducible build or run the CLI in an isolated environment (container) first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dp7kjg79yrv1x6xz9v237kn843avp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments