ClawHub

Smartreach

v1.0.2

SmartReach integration. Manage Organizations. Use when the user wants to interact with SmartReach data.

0· 128·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (SmartReach integration) matches the instructions (use Membrane CLI to connect, list actions, run actions, and proxy requests to SmartReach). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines runtime actions to installing/using the Membrane CLI, running membrane login/connect/action/request commands, and reading JSON output from those commands. It does not instruct reading arbitrary local files, other env vars, or exfiltrating data to unexpected endpoints. It directs network calls through Membrane, which is coherent with the stated integration.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli`. Installing a global npm package runs third-party code on the host — expected for CLI-based integrations but worth noting as a moderate-risk action because it executes code from the npm registry.
Credentials
The skill declares no required env vars, no primary credential, and no config paths. The SKILL.md explicitly advises not to ask users for API keys and to let Membrane handle credentials, which is consistent and proportionate.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is user-invocable only. It does require network access implicitly, which is expected for an external API integration.
Scan Findings in Context
[no-findings] expected: No code files present; regex scanner had nothing to analyze. This is expected for an instruction-only skill.
Assessment
This skill appears coherent: it uses the Membrane CLI as a proxy to access SmartReach and asks you to authenticate via Membrane rather than providing raw API keys. Before installing, verify you trust the @membranehq/cli npm package (check the npm registry listing, GitHub repo, and publisher), because `npm install -g` executes third-party code on your machine. Also consider that Membrane will act as an intermediary and hold/refresh SmartReach credentials on their servers — confirm this data flow is acceptable for your privacy and compliance needs. If you want to avoid installing a global CLI, you can run the CLI via npx or review Membrane’s documentation to confirm behavior and permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk971x4wgwesdthv2rmrzsqnghn843rqt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments