ClawHub

Tradogram

v1.0.0

Tradogram integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tradogram data.

0· 29·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description say 'Tradogram integration' and the SKILL.md only instructs use of Membrane CLI to connect, list actions, run actions, and proxy requests to Tradogram — these requirements match the stated purpose.
Instruction Scope
Instructions only direct installing/using the Membrane CLI, performing login/browser auth, creating connections, listing and running actions, and proxying API requests through Membrane. They do not instruct reading unrelated files, exfiltrating environment variables, or contacting unexpected endpoints.
Install Mechanism
There is no embedded install spec in the skill bundle; the doc recommends installing the public npm package @membranehq/cli (npm -g). This is expected for a CLI-based integration but installing global npm packages carries the normal supply-chain risk — verify the package identity and registry before installing.
Credentials
The skill declares no required env vars, no credentials, and the instructions rely on Membrane to handle authentication. That is proportionate for a connector wrapper; users will authenticate interactively via the Membrane flow.
Persistence & Privilege
always is false and the skill is instruction-only with no code writing to disk. Autonomous invocation is allowed (platform default) but the skill does not request elevated or persistent privileges.
Assessment
This skill is coherent: it tells the agent to use the Membrane CLI to access Tradogram. Before installing or running anything, verify you trust the Membrane project and the npm package @membranehq/cli (check the npm page, publisher, and repository), understand that you'll authenticate via a browser-based flow (or headless code exchange), and avoid pasting sensitive credentials into chat. Installing a global npm package is normal here but carries standard supply-chain risk — consider installing in a controlled environment or reviewing the package source if you have security concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk978rgf6hqt0nzx4v79382ds4n8468g7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments