ClawHub

Toneden

v1.0.2

ToneDen integration. Manage data, records, and automate workflows. Use when the user wants to interact with ToneDen data.

0· 85·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ToneDen integration) match the instructions: they exclusively instruct use of the Membrane CLI to connect to ToneDen, discover actions, run them, and proxy API requests. There are no unrelated credentials, binaries, or configuration paths requested.
Instruction Scope
Instructions tell the agent (or user) to install and run the Membrane CLI, perform login via browser (or headless flow), create connections, list/run actions, and optionally proxy raw API requests through Membrane. This is within scope for a connector integration, but note that requests are proxied through Membrane's service—user data and API calls will transit Membrane servers as part of normal operation.
Install Mechanism
No installer in the package itself; the SKILL.md recommends installing @membranehq/cli via npm (-g) or using npx. Installing a third-party global npm package is a reasonable requirement for a CLI-driven integration but carries the usual risks of installing arbitrary npm packages—consider using npx or reviewing the package source (npm/GitHub) before global install.
Credentials
The skill requests no environment variables, no local secrets, and explicitly recommends letting Membrane handle credentials. There is no disproportionate credential access requested.
Persistence & Privilege
Skill is instruction-only, not marked always:true, and does not request persistent or elevated platform privileges. It does require a Membrane account and network access, which is appropriate for a connector.
Assessment
This skill is an instructions-only integration that relies on the Membrane CLI to access ToneDen; it does not ask for local secrets or unrelated credentials. Before installing: (1) confirm you trust Membrane (https://getmembrane.com) because requests and auth flows route through their service; (2) prefer npx or review the @membranehq/cli package source on npm/GitHub before running npm -g; (3) be mindful that CLI auth opens a browser and may return tokens to Membrane—do not paste unrelated secrets into CLI prompts; (4) if you need higher assurance, verify the connector implementation on the repository and the npm package checksum/version you install.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ddbxtaftqmp8bkpk44q9v5s842ae3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments