ClawHub

Stockly

v1.0.2

Stockly integration. Manage data, records, and automate workflows. Use when the user wants to interact with Stockly data.

0· 48·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares it integrates with Stockly and the SKILL.md consistently instructs the agent to use the Membrane CLI to discover connectors, create connections, run actions, or proxy API requests. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
Instructions are narrowly scoped to installing/using the Membrane CLI, logging in, discovering connectors/actions, running actions, and proxying requests to Stockly. The SKILL.md does not instruct reading arbitrary files, environment variables, or exfiltrating data outside the described flow. It also explicitly recommends not asking the user for API keys.
Install Mechanism
This is an instruction-only skill that asks users to run `npm install -g @membranehq/cli` (and recommends `npx` in other examples). Installing a third-party CLI globally from npm is a common pattern but carries the usual npm risks (unversioned global install, running third-party code on the system). The install is not from an arbitrary URL or a shortener, so risk is moderate and expected for this integration.
Credentials
No environment variables, credentials, or config paths are required by the skill itself. Authentication is delegated to Membrane via browser-based login/connection flows, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request elevated or persistent platform privileges and does not modify other skills' configuration. Autonomous invocation is allowed by platform default but is not combined with any unusual privilege escalation here.
Assessment
This skill appears internally consistent: it delegates auth to the Membrane service and instructs using the @membranehq CLI to talk to Stockly. Before installing, verify you trust the Membrane project/package (review the npm package and the GitHub repo linked in the SKILL.md), and be comfortable with installing a third-party CLI globally or using npx. Expect browser-based login flows and network calls to Membrane/Stockly when using the skill. If you need stricter isolation, run the CLI in a sandbox/container or avoid a global install and use npx or a pinned package version.

Like a lobster shell, security has layers — review code before you run it.

latestvk97abff6tt7j49tf0e9xeh15vh842w6j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments