ClawHub

Zoho Commerce

v1.0.0

Zoho Commerce integration. Manage data, records, and automate workflows. Use when the user wants to interact with Zoho Commerce data.

0· 56·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Zoho Commerce integration) aligns with the instructions: all runtime steps use the Membrane CLI to discover actions, create connections, run actions, or proxy requests to Zoho Commerce. Nothing in the skill asks for unrelated capabilities (e.g., AWS creds) that would be incoherent with the stated purpose.
Instruction Scope
SKILL.md instructs only on installing and using the Membrane CLI, creating/using connections, listing/running actions, and proxying requests to Zoho Commerce. It does not instruct the agent to read arbitrary local files, environment variables, or other system state beyond using the CLI and browser-based auth flow.
Install Mechanism
The skill recommends a global npm install (npm install -g @membranehq/cli). This is a standard but moderately privileged install step (writes to system/global node modules and PATH). The recommendation is reasonable for the stated purpose, but users should verify the npm package source, publisher, and integrity before installing.
Credentials
No env vars, credentials, or config paths are requested by the skill. The SKILL.md explicitly instructs not to ask users for API keys and to let Membrane manage auth server-side, which is proportionate to the stated design (delegating auth to Membrane).
Persistence & Privilege
No special persistence or always-on privilege is requested (always:false). The skill is instruction-only and will not force-install or modify other skills or system-wide agent settings.
Assessment
This skill is coherent and appears to do what it claims, but it relies on a third-party service (Membrane) and on installing an npm package globally. Before installing or using it: 1) Verify the @membranehq/cli package on npm and its GitHub repository (publisher, recent commits, open issues). 2) Review Membrane's privacy/security docs—requests and auth are proxied through their service, so they will see request/response data and hold refreshed credentials. 3) If you prefer not to install globally, use npx for one-off commands or run in an isolated environment. 4) For sensitive production data, consider least-privilege connections in Zoho and audit what the connector can access. If you want me to, I can fetch the npm package metadata and repository links and highlight any red flags.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fwrb5h7t22hjw9ae7yc7kes84azvg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments