ClawHub

Smartbear

v1.0.0

SmartBear integration. Manage data, records, and automate workflows. Use when the user wants to interact with SmartBear data.

0· 32·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (SmartBear integration) matches the instructions: it directs use of the Membrane CLI to connect to SmartBear and run actions or proxy API requests. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md only instructs installing and using the @membranehq/cli, logging in via a browser, listing/connecting actions, and proxying requests through Membrane. It does not instruct reading arbitrary files, exfiltrating data, or accessing unrelated env vars.
Install Mechanism
The install guidance uses npm install -g @membranehq/cli or npx to run commands. Installing a global npm package is a standard but moderately privileged operation (writes to disk, modifies PATH). Verify the package identity (publisher, repository) before global install; using npx avoids a permanent global install.
Credentials
The skill declares no required env vars or credentials and explicitly says Membrane handles auth and refresh server-side. That is proportionate to a proxy/connector-style integration.
Persistence & Privilege
The skill doesn't request 'always: true' or system config changes, but installing the CLI will persist software on the host. The skill can be invoked autonomously by default (platform standard) — there is no additional persistent privilege requested by the skill itself.
Assessment
This skill is instruction-only and uses the Membrane CLI to talk to SmartBear. Before installing: verify the @membranehq/cli package and the getmembrane.com project are legitimate (check the npm publisher and GitHub repo), prefer using npx if you want to avoid a global install, and be aware that Membrane will handle and store connector credentials on its service (so only use it if you trust that vendor). If you need stricter control, run the CLI in an isolated environment or review Membrane's privacy/security docs for how they store and access connector credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97608yrse9jfk0sdtfnkvrn51847mph

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments