ClawHub

Spotdraft

v1.0.0

Spotdraft integration. Manage data, records, and automate workflows. Use when the user wants to interact with Spotdraft data.

0· 45·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Spotdraft integration) matches the instructions: the SKILL.md describes using the Membrane CLI to discover and run Spotdraft actions and proxy API requests. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope
Instructions stay on-topic: they tell the agent to install/use the Membrane CLI, create a connection, enumerate/run actions, and (optionally) proxy raw requests through Membrane. The guidance avoids asking for direct API keys and does not instruct reading unrelated files or secrets.
Install Mechanism
There is no registry install spec, but the SKILL.md instructs installing @membranehq/cli via npm (global or npx). This is a typical approach but does introduce the normal npm supply-chain/trust considerations (unverified package, global install).
Credentials
The skill requests no environment variables or local credentials and explicitly recommends using Membrane's managed connections instead of asking users for API keys. That is proportionate to the stated purpose. Note: using Membrane means authentication/refresh is handled server-side, so users must trust the Membrane service with proxied Spotdraft data.
Persistence & Privilege
No elevated persistence requested (always:false). The skill is user-invocable and allows normal autonomous invocation; it does not request modifying other skills or system-wide settings.
Assessment
This skill appears coherent and focused: it uses the Membrane CLI to access Spotdraft and intentionally avoids asking for direct API keys. Before installing/using it, consider: 1) trust and privacy — Membrane will proxy your Spotdraft requests, so ensure you are comfortable with their service handling contract data; 2) install method — prefer using npx (temporary) or audit @membranehq/cli from the npm registry rather than an unreviewed global install; 3) permissions — perform the browser-based connection flow yourself so credentials don't get shared, and limit the agent's autonomous invocation if you don't want it to act without prompts.

Like a lobster shell, security has layers — review code before you run it.

latestvk971sn45pzs8nnh8ytbt3pas4h84faam

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments