ClawHub

Shieldpay

v1.0.0

Shieldpay integration. Manage data, records, and automate workflows. Use when the user wants to interact with Shieldpay data.

0· 48·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Shieldpay integration) match the instructions: all actions are performed via the Membrane CLI which proxies Shieldpay calls. The declared compatibility (network + Membrane account) is appropriate.
Instruction Scope
SKILL.md limits runtime actions to installing/using the Membrane CLI, creating/listing connections, discovering and running actions, and proxying requests to Shieldpay via Membrane. It does not instruct reading unrelated files, environment variables, or exfiltrating data to unknown endpoints.
Install Mechanism
Install instruction is an npm global install (npm install -g @membranehq/cli). Using a public npm package for a CLI is expected for this integration but has typical supply-chain risk (npm packages can contain malicious code). No direct downloads or archive extraction are present.
Credentials
The skill declares no required env vars or credentials. It intentionally defers auth to Membrane (server-side). This is proportionate; however, it implicitly requires trust in Membrane's handling of credentials and proxied request content.
Persistence & Privilege
The skill is instruction-only, no install spec that writes files beyond the user installing the Membrane CLI. always is false and the skill does not request system-wide configuration or modify other skills.
Assessment
This skill appears internally consistent for talking to Shieldpay through Membrane. Before installing: (1) Be aware you'll install a global npm package—prefer a virtual environment/container if you want to limit impact; run npm audit and review the @membranehq/cli package source if possible. (2) Using Membrane means your Shieldpay requests and auth are proxied through Membrane servers—only proceed if you trust Membrane's service and privacy/policy. (3) The skill does not request local API keys, but it will prompt the user to authenticate via the Membrane login flow (browser or headless URL/code). If you need stricter isolation, test in a sandboxed environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk977a6j5rw2gj88bmkfrg6qxzh844vdt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments