ClawHub

3Dcart

v1.0.0

3dcart integration. Manage data, records, and automate workflows. Use when the user wants to interact with 3dcart data.

0· 32·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (3dcart integration) align with the content: all runtime actions are about using Membrane to interact with 3dcart resources (connections, actions, proxy requests). There are no unrelated credential requests or unrelated binaries declared.
Instruction Scope
SKILL.md confines the agent to installing and using the Membrane CLI, creating/listing connections, running actions, and proxying API calls to 3dcart. It does not instruct reading unrelated files or environment variables, nor sending data to endpoints outside Membrane/3dcart.
Install Mechanism
The skill is instruction-only (no install spec), but the README tells users to run `npm install -g @membranehq/cli`. That is a public npm package install (moderate-risk operation because it writes binaries globally), and the SKILL.md does not embed an automated install step — this is expected but worth noting to verify the package/source before installing.
Credentials
No environment variables or credentials are required by the skill; SKILL.md explicitly directs users to let Membrane manage credentials server-side rather than entering API keys locally. Requested privileges are proportional to the stated purpose.
Persistence & Privilege
Skill is not always-on, has no install-time hooks, and contains no code that modifies agent-wide settings. It is user-invocable and may be auto-invoked (platform default), which is normal for skills.
Assessment
This skill appears coherent: it tells you to install the public @membranehq CLI and use Membrane to connect to 3dcart so credentials stay server-side. Before installing or running commands: 1) verify the @membranehq package and GitHub repo are legitimate and match the vendor you trust (check npmjs.org and the linked repository), 2) be aware that installing with `npm -g` adds a global binary — review what the CLI does and its permissions, and 3) when using `membrane request` to proxy arbitrary API paths, ensure you do not inadvertently transmit sensitive local data in request bodies or headers. If you are uncomfortable trusting a third-party service to hold your store credentials, do not create a connection and instead use a direct vetted integration or service you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk977mn7sks2exdddqrhfctxxa1843g21

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments