ClawHub

Enfuce

v1.0.0

Enfuce integration. Manage data, records, and automate workflows. Use when the user wants to interact with Enfuce data.

0· 31·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Enfuce integration) match the instructions: everything centers on using the Membrane CLI to connect to Enfuce and run actions or proxied requests. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, logging in, creating a connector, listing actions, running actions, and proxying requests to Enfuce through Membrane. It does not direct reading unrelated files, searching shell history, accessing system config paths, or transmitting data to unexpected endpoints.
Install Mechanism
There is no automated install spec in the registry metadata, but SKILL.md tells users to run a global npm install (npm install -g @membranehq/cli). Installing a global npm package is a normal way to obtain a CLI but carries the usual supply-chain/trust considerations (verify the package and repository before installing).
Credentials
The skill declares no required env vars, no primary credential, and no config paths. It relies on Membrane for auth management, which is coherent with the stated best-practice to avoid asking users for API keys or secrets.
Persistence & Privilege
The skill is user-invocable, not always-included, and does not request system-wide configuration changes or persistent privileges. It does not enable autonomous elevation of privileges beyond normal agent invocation.
Assessment
This skill is instruction-only and coherent, but before installing or using it you should: (1) verify the @membranehq/cli package on npm and the linked GitHub repo (ensure the package maintainer and repository match), (2) review the CLI's permissions and the authentication flow (browser-based OAuth can grant access to Enfuce data), (3) prefer a least-privilege Membrane account or test tenant when first connecting, and (4) avoid installing global npm packages from untrusted sources. If you need stronger assurance, inspect the Membrane CLI source or run it in an isolated/test environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ckmwxyv6s32c5ddh6tvq1k5848eee

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments