Sugarcrm
v1.0.3SugarCRM integration. Manage crm and sales data, records, and workflows. Use when the user wants to interact with SugarCRM data.
⭐ 0· 270·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (SugarCRM integration) aligns with the instructions: all runtime operations are performed via the Membrane CLI and refer only to SugarCRM concepts (modules, records, actions, proxying to SugarCRM API). No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md instructs the agent/user only to install and run the @membranehq/cli commands (login, connect, action list/run, request). It does not instruct reading arbitrary files, accessing unrelated env vars, or exfiltrating data to unexpected endpoints beyond Membrane/SugarCRM. Headless auth flow and browser-based auth are explicitly described.
Install Mechanism
This is an instruction-only skill (no install spec). It instructs users to install a global npm package (npm install -g @membranehq/cli). Installing global npm packages downloads and runs third-party code from the npm registry — expected for a CLI but users should ensure they're installing the official package and accept the usual npm risks.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The SKILL.md explicitly instructs using Membrane-managed connections rather than asking for API keys locally, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide configuration changes or access to other skills. Autonomous invocation is allowed (platform default) but is not combined with additional privileges or broad credential access.
Assessment
This skill is internally consistent with a Membrane-based SugarCRM integration. Before installing or running commands: 1) verify you want to install the @membranehq/cli package and that you trust the package source (npm); 2) confirm the Membrane account and connector you connect to are legitimate, since API requests are proxied through Membrane (CRM data will flow through their service); 3) in headless or shared environments, be cautious when copying authentication codes or leaving connections active; and 4) if you require offline or self-hosted control of credentials, evaluate whether using Membrane fits your security requirements.Like a lobster shell, security has layers — review code before you run it.
latestvk9701f4f94rzqbcqkvjpgffr45843fnb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.