ClawHub

Yanado

v1.0.2

Yanado integration. Manage data, records, and automate workflows. Use when the user wants to interact with Yanado data.

0· 61·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description (Yanado integration) matches the instructions: all actions are performed via the Membrane CLI and a Membrane account. Required network access and a Membrane account are reasonable and expected for this integration.
Instruction Scope
The SKILL.md confines runtime behavior to installing/using the Membrane CLI, logging in, creating connections, listing/running actions, and proxying requests to the Yanado API via Membrane. It does not instruct reading unrelated files, exporting environment variables, or exfiltrating data to unknown endpoints. The browser-based login and proxying are explicitly documented.
Install Mechanism
There is no install spec in the registry; the README instructs users to run `npm install -g @membranehq/cli`. Installing a third-party global npm package is common for CLI tools but does carry supply-chain and local-system-change risk. The instruction uses a standard public registry package (no raw downloads or extract steps), which is lower risk than arbitrary URLs but you should verify the npm package and publisher before installing.
Credentials
The skill declares no required environment variables or credentials. It relies on Membrane to manage OAuth and credential refresh server-side, which is proportionate for an integration that acts on behalf of a Yanado account.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or access to other skills' configuration. Autonomous invocation is allowed (platform default) and appropriate for an integration; there are no additional privileged flags.
Assessment
This skill is internally consistent, but take normal precautions before installing third-party CLIs: verify the @membranehq/cli package and publisher on npm, confirm the homepage/repository links (getmembrane.com and the GitHub repo) point to the official project, and review Membrane's privacy/security documentation to understand what data is proxied. If you prefer to limit impact, install or run the CLI in a container or isolated environment rather than as a global npm package on a sensitive machine. Remember that Membrane will act as a proxy and can call arbitrary Yanado endpoints on your behalf—only use it if you trust the service to handle your Yanado credentials and data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b12qmszmq08m3nmqbkg2txn8423ve

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments