ClawHub

Sportsdata

v1.0.2

SportsData integration. Manage Teams, Leagues, Users. Use when the user wants to interact with SportsData data.

0· 123·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate SportsData and all runtime instructions are about installing and using the Membrane CLI to create a SportsData connection and run actions or proxied requests. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md limits runtime behavior to installing/using the Membrane CLI, logging in, creating connections, listing/running actions, and proxying API requests. It does not instruct reading local files, unrelated env vars, or exfiltrating data beyond calls to Membrane/SportsData.
Install Mechanism
There is no automated install spec in the package (instruction-only). The doc recommends installing @membranehq/cli via npm (or invoking with npx). This is a normal user-side step but does alter the system (global npm install) and pulls code from the npm registry — users should review that package before installing.
Credentials
The skill declares no required env vars or secrets and defers auth to Membrane. That is proportionate; however, using Membrane means requests and credentials are handled server-side by a third party (Membrane), so data and API calls will transit Membrane's service. Users should consider whether they trust that proxy for their data and any regulatory constraints.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request persistent privileges or modify other skills. Autonomous model invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears coherent: it simply instructs using the Membrane CLI to talk to SportsData. Before installing or using it: (1) review and trust the @membranehq/cli npm package (or run via npx) because a global npm install will write to your system; (2) understand that Membrane acts as a proxy and will handle/see credentials and API traffic — confirm this is acceptable for your data/privacy/regulatory needs; (3) when authorizing the connector, review the scopes requested in the browser auth flow; (4) prefer npx for ephemeral use if you don't want a global install; and (5) verify the Membrane homepage/repository links (getmembrane.com / github.com/membranedev) match your expectations. There are no other red flags in the skill files.

Like a lobster shell, security has layers — review code before you run it.

latestvk9737ctn82trg8kmn0d4w05c71843etm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments