ClawHub

Rapidoc

v1.0.2

RapiDoc integration. Manage data, records, and automate workflows. Use when the user wants to interact with RapiDoc data.

0· 80·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say 'RapiDoc integration' and the runtime instructions consistently show how to use the Membrane CLI to connect to RapiDoc, discover actions, run actions, and proxy requests. The dependencies (Membrane CLI, network, Membrane account) are proportional to that purpose.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, logging in, creating connections, listing/running actions, and proxying requests. It does not ask the agent to read unrelated files, access other services, or exfiltrate secrets; browser-based login and headless code flow are documented.
Install Mechanism
This is an instruction-only skill that recommends installing @membranehq/cli via npm -g (or using npx). npm global install is a reasonable mechanism here but carries the usual risks of installing third-party packages (supply chain, global binary changes). No direct downloads or obscure URLs are used.
Credentials
The skill declares no required environment variables or credentials and explicitly states Membrane manages auth server-side. There are no unrelated credential requests in the instructions.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only requires installing a CLI tool (which is a normal system-level change). Autonomous model invocation remains enabled by default but is not combined with broad credential access or other red flags.
Assessment
This skill appears to do what it says: it relies on the Membrane CLI to access RapiDoc and does not ask for unrelated secrets. Before installing: 1) Verify the @membranehq/cli package and publisher on npm (use the official package name and check maintainers). 2) Consider using npx or a non-global install if you prefer not to modify your global binaries. 3) Understand that Membrane will act as a proxy for requests — data you send will go through Membrane's infrastructure, so review their privacy/security posture if you will send sensitive data. 4) If you do not want the agent to invoke the skill autonomously, restrict skill invocation in your agent settings. If you need additional assurance, ask the skill author for a signed package URL or to host a release on a well-known release host (GitHub releases).

Like a lobster shell, security has layers — review code before you run it.

latestvk975y79xmyzdfa575rg6xt9k1s8438tj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments