ClawHub

Workiom

v1.0.2

Workiom integration. Manage data, records, and automate workflows. Use when the user wants to interact with Workiom data.

0· 103·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Workiom integration) align with the instructions: the skill relies on the Membrane CLI to talk to Workiom and manage connections/actions. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md confines runtime actions to installing/using the Membrane CLI, creating connections, listing/running actions, and proxying requests to Workiom via Membrane. It does not instruct reading unrelated files or asking for unrelated secrets. It does require opening a browser (or using a headless code flow) for auth, which is expected for this integration.
Install Mechanism
There is no packaged install spec — the doc instructs installing @membranehq/cli via npm (global). This is a typical mechanism but carries normal npm supply-chain risk; the package and its GitHub repo should be inspected if you want stronger assurance.
Credentials
The skill declares no required env vars or credentials and explicitly instructs not to ask users for API keys, since Membrane handles auth. Requested access appears proportionate.
Persistence & Privilege
Skill is not always-enabled and makes no requests to modify other skills or global agent settings. It does direct the agent to run a CLI and create connections, which is expected for this kind of integration.
Assessment
This skill is coherent for a Workiom integration via Membrane. Before installing: (1) review the @membranehq/cli npm package and linked GitHub repo to confirm you trust the provider; (2) be aware npm -g will install code that runs on your machine — consider installing in an isolated environment if you prefer; (3) the CLI will open a browser or use a headless auth flow and may store tokens locally via Membrane's tooling; (4) the skill can invoke the CLI and make network requests, which is expected — if you don't trust Membrane or the CLI, don't install. Overall the footprint and instructions match the stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bza9ypvbvv0k4t42zzky2tx843334

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments