Smartroutes
v1.0.2
SmartRoutes integration. Manage Organizations, Users, Filters. Use when the user wants to interact with SmartRoutes data.
by Vlad Ursul (@gora050)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description (SmartRoutes integration) match the runtime instructions: the SKILL.md directs the agent to use the Membrane CLI to discover connectors, run actions, and proxy API requests to SmartRoutes. Network access and a Membrane account are reasonable and expected.
Instruction Scope
Instructions tell the user/agent to run npx @membranehq/cli@latest to log in, create connections, list actions, run actions, and proxy arbitrary API requests. The instructions do not ask the agent to read unrelated local files or request unrelated credentials, but they do result in credentials being written to ~/.membrane/credentials.json and they allow sending arbitrary API paths through Membrane's proxy (which will transmit request data to Membrane).
Install Mechanism
There is no packaged install spec, but SKILL.md requires running npx @membranehq/cli@latest. Using npx pulls and executes code from the public npm registry each run (moderate risk). The CLI is not pinned to a specific, audited version (it uses @latest), increasing the risk that future package updates could change behavior.
Credentials
The skill declares no required env vars or config paths beyond the Membrane login flow. The credential storage at ~/.membrane/credentials.json is expected for a CLI that manages auth; no unrelated secrets or environment access are requested.
Persistence & Privilege
always is false and the skill does not request persistent platform-level privileges. It will store credentials under ~/.membrane, which is normal for a CLI; it does not modify other skills or system-wide agent configs according to the provided instructions.
Assessment
This skill is coherent for SmartRoutes usage but relies on running the Membrane CLI via npx (which downloads and executes code from npm each time). Before installing or running it:
1) Verify you trust the @membranehq/cli package and the Membrane service (check the package owner, npm page, and privacy/terms).
2) Prefer pinning a specific CLI version rather than using @latest to reduce supply-chain risk.
3) Be aware authentication will open a browser and store tokens at ~/.membrane/credentials.json — inspect and protect that file.
4) Understand that proxying API calls through Membrane sends request data to their servers (ensure this is acceptable for your data sensitivity and compliance).
5) If you are concerned, run the CLI in an isolated or ephemeral environment (container/VM) or request a vetted install method from the skill author.
Like a lobster shell, security has layers — review code before you run it.
