ClawHub

Teamgantt

v1.0.0

TeamGantt integration. Manage data, records, and automate workflows. Use when the user wants to interact with TeamGantt data.

0· 58·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with TeamGantt and its SKILL.md consistently instructs the agent to use the Membrane CLI to connect, discover actions, run actions, and proxy API requests to TeamGantt. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
All runtime instructions are limited to installing/using the Membrane CLI, performing OAuth-style login via a browser, creating connections, listing and running actions, and proxying API requests through Membrane. This stays within the stated purpose. Note: proxying arbitrary requests via Membrane means the external Membrane service will see request/response data — you should trust Membrane before sending sensitive data.
Install Mechanism
The registry contains no install spec, but SKILL.md instructs users to install @membranehq/cli via npm (global install or npx). This is a typical, moderate-risk step (fetches code from the npm registry). It's expected for a CLI-driven integration but not performed by the skill bundle itself; verify the package source and prefer npx or a pinned version if you want to avoid a global install.
Credentials
The skill declares no required environment variables or credentials and explicitly instructs not to ask users for API keys because Membrane manages auth. This is proportionate. The remaining consideration is trust in the Membrane service which will hold/manage TeamGantt credentials on your behalf.
Persistence & Privilege
The skill does not request always:true or any persistent system-level privileges. It is instruction-only and does not modify other skills or agent-wide configs.
Assessment
This skill is internally consistent: it delegates auth and API calls to the Membrane CLI/service rather than bundling credentials. Before using it: 1) Verify you trust Membrane (review @membranehq/cli on npm and the project's repo and privacy/security docs), because Membrane will see and manage your TeamGantt tokens and proxied request data. 2) Prefer running the CLI with npx or a pinned version instead of a global npm install if you want to limit system-wide changes. 3) When creating the connection, review the connector scopes/permissions and grant least privilege. 4) Don’t paste sensitive secrets into prompts; use the OAuth/connection flow Membrane provides. If you need more assurance, request an explicit install spec or signed package provenance from the skill author.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ax2a2adgn38nxn4mbr647d1849v9m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments