ClawHub

Yapily

v1.0.2

Yapily integration. Manage data, records, and automate workflows. Use when the user wants to interact with Yapily data.

0· 76·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The README describes a Yapily integration implemented via the Membrane CLI. All required actions (connect, action run, proxy to Yapily) are performed through Membrane, which aligns with the skill's stated purpose.
Instruction Scope
SKILL.md only instructs installing/running the Membrane CLI, authenticating via Membrane's browser flow, listing/connecting actions, and proxying requests to Yapily. It does not ask the agent to read unrelated files, environment variables, or post data to unexpected endpoints.
Install Mechanism
There is no automatic install spec in the skill bundle; the instructions ask the user to run `npm install -g @membranehq/cli` (or use npx). This is a normal, user-initiated install from the npm registry but carries the usual moderate risk of installing third-party CLI tooling (global install requires privilege and you should verify the package's authenticity).
Credentials
The skill declares no required env vars, config paths, or credentials and explicitly instructs to rely on Membrane for auth. The browser-based Membrane login is consistent with the integration; no unrelated secrets are requested.
Persistence & Privilege
always is false and the skill is instruction-only with no code or persistent hooks. It does not request elevated or persistent agent privileges beyond normal autonomous invocation defaults.
Assessment
This skill is coherent: it delegates all Yapily access to the Membrane CLI and requires a Membrane account and network access. Before installing, verify the @membranehq/cli package on the npm registry and the Membrane service (homepage, privacy/security docs). Be aware that `npm install -g` modifies your system (may require admin rights) and that authenticating opens a browser flow — do not paste unrelated secrets into prompts. If you prefer tighter control, run the CLI in a sandboxed environment or use npx for one-off commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk9715nwgar8dw2tz80jzgc6bhn8431bz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments