ClawHub

Section

v1.0.2

Section integration. Manage data, records, and automate workflows. Use when the user wants to interact with Section data.

0· 86·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Section integration) matches the instructions: discover Section connector, create a connection, list/run actions and proxy requests via the Membrane CLI. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
Instructions are scoped to using the Membrane CLI: install, login, create connections, list and run actions, and proxy requests to Section via Membrane. This stays on-purpose, but the proxy functionality means API requests and payloads will be sent through Membrane's service (possible third-party data exposure) and the docs allow running arbitrary endpoint calls — avoid sending secrets or unrelated sensitive data.
Install Mechanism
No install spec in the registry (instruction-only), but SKILL.md recommends installing the Membrane CLI via npm -g @membranehq/cli. This is a reasonable, standard recommendation; as with any global npm install, users may prefer npx or auditing the package before installing.
Credentials
The skill declares no required environment variables or credentials and explicitly advises not to ask users for API keys. That is proportionate for a connector-based integration that relies on Membrane to manage auth.
Persistence & Privilege
The skill does not request persistent/global privileges (always: false). It's instruction-only and will not modify other skills or system-wide agent settings according to the provided files.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to interact with Section. Before installing/using it, confirm you trust Membrane (getmembrane.com) because requests and payloads will be proxied through their service and could disclose data to that third party. Prefer using npx when possible or review the @membranehq/cli package and its GitHub repo before a global install. Never paste secrets or production credentials into ad-hoc request bodies; create the connector via Membrane's browser-auth flow as instructed and test in a non-production environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk970p1rw7np9zd1h8ftg0rsef58425h0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments