ClawHub

Vero

v1.0.2

Vero integration. Manage data, records, and automate workflows. Use when the user wants to interact with Vero data.

0· 158·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a Vero integration and the SKILL.md only asks you to install and use the Membrane CLI to connect to Vero and run actions — these requirements are proportionate and expected.
Instruction Scope
Instructions tell the agent to install and run the Membrane CLI, create connections, run actions, and optionally proxy raw requests through Membrane. This is within scope for a Vero integration, but proxying/raw requests will transmit request bodies and headers to Membrane's servers — users should be aware that sensitive data (user PII, tokens present in API payloads, etc.) will flow through that third party.
Install Mechanism
No packaged install spec in the registry; SKILL.md recommends installing @membranehq/cli globally via npm and uses npx for occasional commands. npm global installs and npx downloads are common but do execute third-party code on the host — verify trust in @membranehq/cli before installing globally.
Credentials
The skill requests no local environment variables or secrets and explicitly recommends letting Membrane manage credentials; the credential footprint is minimal and matches the described approach.
Persistence & Privilege
Skill is instruction-only, has no install spec in registry, does not request always:true, and does not modify other skills or system-wide settings — no elevated persistence or privileges are requested.
Assessment
This skill appears coherent and focused on using the Membrane CLI to interact with Vero. Before installing: (1) confirm you trust @membranehq/cli/getmembrane (open-source repo, org reputation, and reviews); (2) be aware that using the Membrane proxy sends request bodies/headers to Membrane — avoid sending highly sensitive data through it unless you accept that third-party processing; (3) installing npm packages globally modifies your system PATH and runs third-party code — consider using a container or dedicated environment if you want to limit risk; (4) verify any connection IDs or outputs before sharing them. If you need the skill to avoid routing data through an external proxy, you should request an alternative integration that uses direct API keys stored locally (and understand the tradeoffs).

Like a lobster shell, security has layers — review code before you run it.

latestvk979a9f7ryq86mcz4beqcfjf9h842m6t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments