ClawHub

Veeva Vault

v1.0.2

Veeva Vault integration. Manage data, records, and automate workflows. Use when the user wants to interact with Veeva Vault data.

0· 103·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Veeva Vault integration) match the instructions: the skill instructs the agent to use the Membrane CLI to discover connectors, create connections, run actions, and proxy API requests to Veeva Vault. No unrelated services or credentials are requested.
Instruction Scope
Instructions are explicit about installing and using the Membrane CLI, logging in, creating connections, running actions, and proxying arbitrary Vault API requests. This stays within the stated purpose, but the ability to proxy arbitrary endpoints means users/agents can read or modify any Vault data the connection authorizes — so actions like delete-document or proxy requests should be used with caution.
Install Mechanism
The skill is instruction-only (no automated install), but it tells users to run `npm install -g @membranehq/cli`. Installing an npm package globally is a reasonable, common step for CLI tools but carries the usual moderate risk of installing third-party code from npm; users should verify the package and source before installing.
Credentials
The skill does not declare or require environment variables or other credentials; it relies on Membrane's interactive/browser-based authentication to obtain Vault access. This is proportionate for an integration that needs user-authorized access to Vault.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not ask to modify other skills or system-wide settings. There is no persistent privileged behavior requested by the skill manifest itself.
Assessment
This skill appears to do what it says: it delegates auth and API calls to the Membrane CLI. Before installing/using it: (1) verify you trust the @membranehq/cli npm package and its publisher (check npm/GitHub repo and package version), (2) be aware that connecting a Vault account grants the CLI (and any agent actions using it) whatever Vault privileges that user has — avoid running destructive actions unless intended, (3) treat proxy requests and action runs as equivalent to direct API calls (they can read/modify Vault data), and (4) consider installing the CLI in an isolated environment if you are unsure about the package origin. If you want stronger assurance, ask the skill author for an explicit list of required Membrane actions/scopes and the exact npm package version to install.

Like a lobster shell, security has layers — review code before you run it.

latestvk974tcq4cx846v2jtk028rtt89842jz4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments