ClawHub

Clarify

v1.0.0

Clarify integration. Manage data, records, and automate workflows. Use when the user wants to interact with Clarify data.

0· 77·2 current·2 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Clarify integration) matches the instructions: all actions are performed via the Membrane CLI which proxies requests to Clarify. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md instructs running the Membrane CLI (login, connect, action run, request) and using browser-based auth. The instructions do not ask the agent to read unrelated local files or secrets. Important: using Membrane means API calls and payloads go through Membrane's servers (they handle auth and refresh), which is expected for this functionality but relevant for data privacy.
Install Mechanism
There is no registry-level install spec, but SKILL.md instructs users to run 'npm install -g @membranehq/cli' (public npm). This is a standard mechanism (moderate risk): npm packages are traceable but not pre-reviewed by this scanner. No arbitrary downloads or extract-from-URL behavior is present.
Credentials
The skill declares no required env vars or credentials. Authentication is delegated to Membrane's connection flow (browser login). The absence of local secrets is proportionate, but note that credentials are managed server-side by Membrane and API calls will be visible to that service.
Persistence & Privilege
always is false and the skill is user-invocable; it doesn't request permanent agent-wide privileges or modify other skills. The only persistent change suggested by the instructions is installing a CLI on the host (user action), which is reasonable for the stated purpose.
Assessment
This skill is coherent: it tells you to install and use the Membrane CLI to access Clarify and does not request unrelated credentials. Before installing or using it, verify the @membranehq/cli package and the Membrane service (review their npm page and privacy/security docs), because Membrane will proxy and see the API requests and stored credentials. Prefer installing the CLI in a user-controlled environment (avoid running as root), and avoid sending highly sensitive data through the proxy unless you’ve confirmed compliance and trust. Finally, review each membrane command output before allowing automated runs so you know what data would be transmitted.

Like a lobster shell, security has layers — review code before you run it.

latestvk975frs2j78ymcgjndz82fdqch844t2k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments