ClawHub

Webcrm

v1.0.2

WebCRM integration. Manage data, records, and automate workflows. Use when the user wants to interact with WebCRM data.

0· 76·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with WebCRM and all runtime instructions use the Membrane CLI / Membrane proxy to access WebCRM, which is coherent. Minor inconsistency: registry metadata declares no required binaries, but SKILL.md assumes npm/npx and the @membranehq/cli are available/installed.
Instruction Scope
Instructions are narrowly scoped to installing/using the Membrane CLI, creating a connection, listing actions, running actions, and proxying requests to the WebCRM API. The skill does not instruct reading unrelated local files or environment variables.
Install Mechanism
This is instruction-only (no automated install spec). It tells the user to install @membranehq/cli via npm or run via npx. Pulling CLI code from the public npm registry (especially via npx @membranehq/cli@latest) is normal but has the usual supply-chain considerations.
Credentials
No environment variables or secrets are requested by the skill. Auth is delegated to Membrane (browser login flow), which is proportionate to the stated purpose. Users should understand credentials will be held/managed by the Membrane service.
Persistence & Privilege
The skill does not request always:true or any elevated persistent presence and does not instruct modifying other skills or global agent configuration.
Assessment
This skill is coherent: it relies on the Membrane CLI to access WebCRM, and it intentionally avoids asking for raw API keys. Before installing/using it: verify you trust the Membrane service (getmembrane.com) because API requests and auth tokens will be proxied/managed by their servers; confirm the npm package name (@membranehq/cli) and project repository are legitimate; ensure you have Node/npm available locally (SKILL.md assumes npm/npx even though the registry metadata lists no required binaries); prefer installing a pinned CLI version rather than unpinned npx@latest if you want to reduce supply-chain risk; and be comfortable that login opens a browser (or uses the headless flow) to authenticate.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ke8f166tckddaq8aqg13j5842h5z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments