ClawHub

Zoho Creator

v1.0.2

Zoho Creator integration. Manage Applications, Users, Roles. Use when the user wants to interact with Zoho Creator data.

0· 96·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Zoho Creator integration) matches the SKILL.md: all instructions are about installing the Membrane CLI, creating a Membrane connection to Zoho Creator, listing/running actions and proxying API requests. No unrelated capabilities or requests are present.
Instruction Scope
Instructions are narrowly scoped to installing and using the Membrane CLI to perform Zoho Creator actions and to proxy arbitrary Zoho API calls. They do not instruct reading local files or unrelated environment variables, but they do direct potentially sensitive Zoho data and credentials to flow via Membrane's service.
Install Mechanism
There is no install spec in the registry (instruction-only), but the SKILL.md tells users to run `npm install -g @membranehq/cli`. Asking users to install a third-party global npm package is a supply-chain consideration; the skill itself does not silently install anything.
Credentials
The skill declares no required env vars or credentials. It relies on the Membrane account/connection flow for authentication. This is proportionate to the stated purpose, though it requires trusting Membrane to handle credentials and request proxying.
Persistence & Privilege
always is false and the skill is user-invocable. There is no code that requests persistent presence, modifies other skill configs, or asks for broadened platform privileges.
Assessment
This skill is coherent with its purpose, but you should: (1) verify you trust Membrane (@membranehq) before installing their global npm CLI; (2) understand that API calls and (potentially) your Zoho data/credentials will flow through Membrane's service — review their privacy/security/retention policies and access controls; (3) prefer creating a least-privileged Zoho connection for automation rather than using an owner/admin account; (4) install the CLI in a controlled environment (or review the package source) rather than blindly running global npm installs; and (5) if you need higher assurance, consult your security team or use your organization's approved integration approach instead of a third-party proxy.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fyra4ze6gz1hdnspkss36q1843g0j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments