ClawHub

Signicat

v1.0.0

Signicat integration. Manage data, records, and automate workflows. Use when the user wants to interact with Signicat data.

0· 56·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Signicat integration) matches the instructions: all actions are performed via the Membrane CLI which proxies to Signicat. Nothing requested (no unrelated env vars, no odd binaries) is inconsistent with a Signicat integration.
Instruction Scope
SKILL.md stays on-topic (install Membrane CLI, log in, create a connection, run actions or proxied requests). However, it explicitly sends requests through Membrane's servers (the proxy) and relies on Membrane to store/manage credentials and refresh tokens — meaning Signicat requests and potentially sensitive identity data will flow through a third party. This is expected for a Membrane-based integration but is a privacy/trust consideration.
Install Mechanism
The skill is instruction-only and asks the user to install @membranehq/cli via npm (or use npx). Installing a global npm package or running npx is a moderate-risk action that requires trusting the npm package and its maintainers; there is no install spec baked into the skill bundle itself.
Credentials
The skill declares no required env vars or credentials and avoids asking for local API keys (it explicitly instructs you to let Membrane handle auth). That is proportionate to its purpose. Note that you will authenticate to Membrane (via browser login), which grants Membrane access to Signicat credentials and proxied data.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not modify system-wide configs, and is user-invocable only. There are no special privilege requests in the manifest.
Assessment
This skill appears coherent for integrating with Signicat via Membrane, but before installing: 1) Understand that your Signicat requests and identity data will be proxied through Membrane — review their privacy/security docs and trustworthiness. 2) Prefer running the CLI with npx or in a constrained environment instead of a global npm install if you want to reduce system changes. 3) Inspect the @membranehq/cli package (npm page, GitHub repo, maintainer) before installing. 4) If you need strict data control, consider connecting to Signicat directly or ask for a clear data-handling policy from Membrane. 5) Only proceed if you are comfortable giving Membrane the ability to manage Signicat credentials on your behalf.

Like a lobster shell, security has layers — review code before you run it.

latestvk977z8hewxve0ydt21fy0ys2k9849g8n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments