ClawHub

Reward Gateway

v1.0.2

Reward Gateway integration. Manage data, records, and automate workflows. Use when the user wants to interact with Reward Gateway data.

0· 91·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Reward Gateway integration) match the instructions: all operations are performed via the Membrane CLI and Membrane connections. There are no unrelated requirements (no AWS, no unrelated tokens, no filesystem paths).
Instruction Scope
SKILL.md instructs the agent to install and use the Membrane CLI, run login/connect/action/request commands, and to proxy API calls through Membrane. All referenced commands, files, and flows are directly related to interacting with Reward Gateway data. The instructions explicitly avoid asking the user for raw API keys and rely on browser-based auth.
Install Mechanism
The skill is instruction-only (no built-in install spec), but it tells users to run 'npm install -g @membranehq/cli'. Installing a global npm package is a reasonable and expected way to get a CLI, but it does introduce code that will be written to disk and executed. This is proportional to the stated purpose but worth noting: verify the '@membranehq/cli' package and its source before installation if you have security concerns.
Credentials
The skill declares no required environment variables or credentials and relies on Membrane to manage auth. That is proportionate. One privacy/security note: Membrane acts as a proxy and will see the request/response data and auth tokens it manages, so trust in the Membrane service is required.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes. The skill can be invoked autonomously (platform default), which is expected; there are no additional persistent privileges requested.
Assessment
This skill appears coherent and uses the Membrane CLI as a legitimate proxy for Reward Gateway. Before installing: (1) confirm you trust Membrane (https://getmembrane.com) because it will see proxied API calls and manage credentials; (2) inspect the '@membranehq/cli' npm package or its GitHub repo if you want to review code before globally installing a CLI; (3) in sensitive environments, prefer running the CLI in an isolated VM/container or use a least-privilege account; (4) if you want to avoid the agent calling this skill autonomously, disable model invocation or only allow user-invoked use. If you need more assurance, provide the skill's owner/source or the Membrane CLI repository link so I can check for further red flags.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fzqx56psrrnb41w7tbs4ejh843wg0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments