ClawHub

Userleap

v1.0.2

UserLeap integration. Manage data, records, and automate workflows. Use when the user wants to interact with UserLeap data.

0· 47·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state this integrates with UserLeap; the SKILL.md exclusively describes using the Membrane CLI and Membrane-hosted connector to talk to UserLeap. There are no unrelated env vars, binaries, or permissions requested.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, running login/connect/action/request commands, and using the Membrane proxy. They do not instruct the agent to read arbitrary files or collect unrelated secrets. Minor inconsistency: the doc alternates between 'npm install -g' and 'npx ...@latest' usage, but both are reasonable ways to run the CLI.
Install Mechanism
No install spec is embedded (instruction-only), which is low risk. However the SKILL.md tells users to install an npm package (@membranehq/cli) globally or run it with npx — installing third-party npm packages executes code on the host, so users should verify the package source and contents before installing globally.
Credentials
The skill declares no required env vars or credentials; authentication is described as an OAuth/browser flow managed by Membrane. This is proportionate to the integration purpose, but the resulting Membrane connection will grant Membrane access to the user's UserLeap data — users should confirm scopes and trust.
Persistence & Privilege
always is false and there are no install-time changes performed by the skill itself. The skill relies on the Membrane CLI and web-based auth; autonomous invocation is allowed but not unusual and does not materially increase risk given no secret environment variables are requested.
Assessment
This SKILL.md is internally consistent with its stated goal of integrating UserLeap via Membrane. Before installing or running anything: 1) Confirm you trust Membrane (getmembrane.com) and review the @membranehq/cli npm package (package page, source repo, recent release notes) — prefer using npx to avoid a global install. 2) Review the OAuth/connect scopes shown during the browser login to understand what data Membrane will access. 3) Do not paste API keys into the skill; follow the documented browser-based connection flow. 4) If you must audit behavior, run commands in a controlled environment (container/VM) first and inspect network traffic or CLI outputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk9702z9n8vm3jeesqtrvk6st0n8439r3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments