ClawHub

Screenshotone

v1.0.2

ScreenshotOne integration. Manage Screenshots, Usages. Use when the user wants to interact with ScreenshotOne data.

0· 133·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: all runtime steps use the Membrane CLI to interact with ScreenshotOne. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
SKILL.md confines the agent to installing and using the Membrane CLI, creating connections, listing actions, running actions, and using Membrane's proxy. It does not instruct reading unrelated files, environment variables, or transmitting data to unexpected endpoints.
Install Mechanism
There is no automated install spec in the registry, but the instructions tell the user to run `npm install -g @membranehq/cli`. Installing a global npm package is a user-driven action and is a moderate-risk step (npm packages execute code), so verify the package/source before installing.
Credentials
The skill declares no environment variables or credentials and explicitly recommends using Membrane connections instead of asking for API keys. Requested access is proportional to the stated functionality (network + Membrane account).
Persistence & Privilege
The skill is not always-enabled and does not request system-wide config changes. It relies on the Membrane service for auth; autonomous invocation remains the platform default but is not combined here with elevated privileges or unexpected persistence.
Assessment
This skill is instruction-only and uses the Membrane CLI to talk to ScreenshotOne. Before installing or using it: (1) verify you trust Membrane/getmembrane.com and the @membranehq/cli npm package (check npm and GitHub sources) because the SKILL.md asks you to run a global npm install; (2) be aware the CLI flow opens a browser for OAuth-style login and will create connections that manage credentials server-side; (3) the agent could invoke these commands if allowed — only enable the skill for agents you trust and avoid pasting sensitive local secrets into prompts. If you are uncomfortable installing global npm packages or trusting an external proxy service, do not install or use the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9737jd2x91gm8bg8deszecgex843qg3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments