ClawHub

Sofort

v1.0.0

SOFORT integration. Manage data, records, and automate workflows. Use when the user wants to interact with SOFORT data.

0· 30·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SOFORT integration) matches the runtime instructions: all guidance centers on using the Membrane CLI to discover connectors, create connections, run actions, and proxy requests to the SOFORT API.
Instruction Scope
SKILL.md stays within scope: it instructs installing and using the Membrane CLI, logging in, creating a SOFORT connection, listing actions, running actions, and proxying requests. It does not direct the agent to read unrelated files, exfiltrate arbitrary data, or access environment variables beyond the Membrane login flow.
Install Mechanism
The skill is instruction-only and asks the user to install @membranehq/cli via npm (global). This is a common distribution method but does execute third-party code on the machine; users should verify the npm package and its publisher before installing. No opaque download URLs or archive extraction are recommended by the skill.
Credentials
No environment variables, config paths, or credentials are requested by the skill. The SKILL.md explicitly tells users not to provide API keys and to let Membrane handle auth, which is consistent with the described workflow.
Persistence & Privilege
The skill does not request always:true or any special persistent privileges. It is user-invocable and the agent may call it autonomously (platform default), which is expected for an integration skill.
Assessment
This skill is coherent: it is a how-to for using the Membrane CLI to work with SOFORT and does not ask for local secrets. Before installing or running commands: - Verify the npm package @membranehq/cli (check the npm page and its GitHub repository) to ensure you trust the publisher. - Be aware that installing global npm packages runs third-party code on your machine — consider installing in an isolated environment or container if you are cautious. - Membrane will hold and proxy credentials server-side; confirm you trust the Membrane provider and review their privacy/security docs if sensitive financial data is involved. - The skill allows the agent to run CLI commands if invoked; if you prefer manual control, only run commands yourself rather than permitting autonomous runs. If additional files, environment variables, or unfamiliar endpoints appear in the skill later, re-evaluate (that would raise suspicion).

Like a lobster shell, security has layers — review code before you run it.

latestvk971pc9a75maa9bc06ch4bzhcx847yv1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments