ClawHub

Waydev

v1.0.2

Waydev integration. Manage data, records, and automate workflows. Use when the user wants to interact with Waydev data.

0· 85·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill description (Waydev integration) matches the runtime instructions: it uses Membrane as a proxy/connector to access Waydev actions and APIs. Asking the user to install the Membrane CLI and create a connection is coherent with the stated purpose.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests. This is within scope for an API integration. However, the SKILL.md explicitly allows proxying arbitrary endpoints via 'membrane request', which means Membrane will see request and response payloads — verify you trust that intermediary before sending sensitive data.
Install Mechanism
The skill is instruction-only (no install spec in the registry) and recommends installing @membranehq/cli via npm (npm install -g). That is a common approach but carries moderate risk compared with no-install skills: installing a global npm package requires trusting the package publisher and registry artifacts.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The guidance explicitly says to let Membrane handle credentials and not to ask users for API keys, which is proportionate for a connector-style skill.
Persistence & Privilege
The skill does not request always:true and is user-invocable. There is no indication it modifies other skills or system-wide settings. Autonomous invocation is allowed by default but not an additional concern here.
Assessment
This skill appears to be what it claims: a Waydev integration that uses the Membrane CLI. Before installing, confirm you trust Membrane (@membranehq) because the CLI and proxy will handle authentication and see API requests/responses (sensitive data could traverse their service). Verify the npm package publisher and repository (check the GitHub repo and npm org), prefer installing in a controlled environment, and only create connections with the minimum required permissions. If you need stronger guarantees, review Membrane's privacy/security docs or run the CLI from an isolated/ephemeral environment rather than your primary workstation.

Like a lobster shell, security has layers — review code before you run it.

latestvk976grrcm9nmmtedc0agfbqfgn842yr1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments