ClawHub

Forms On Fire

v1.0.2

Forms On Fire integration. Manage Forms, Users, Groups. Use when the user wants to interact with Forms On Fire data.

0· 141·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (Forms On Fire integration) match the instructions: all actions are performed via the Membrane CLI and Membrane connectors to Forms On Fire. Requested capabilities (network access, Membrane account) are appropriate for this purpose.
Instruction Scope
SKILL.md instructs the agent/user to install and use the Membrane CLI, run login flows (browser-based OAuth) and list/connect/run actions or proxy API requests. It does not instruct reading unrelated files, harvesting environment variables, or exfiltrating data to unexpected endpoints.
Install Mechanism
Installation is an npm global install (npm install -g @membranehq/cli). This is expected for a CLI-based integration but carries the usual risks of installing a global npm package (it will run code from the npm package). The install method is not unusual or secretly downloading arbitrary executables.
Credentials
The skill declares no required env vars or credentials and relies on Membrane to handle authentication. That is proportionate: you create a connection via Membrane rather than providing API keys to the skill.
Persistence & Privilege
Skill is instruction-only, has no install script, and 'always' is false. It does not request persistent elevated privileges or modifications to other skills. The default ability for the agent to invoke the skill autonomously remains in place (normal behavior).
Assessment
This skill delegates all auth and API calls to Membrane and requires installing the @membranehq/cli via npm and a Membrane account. Before installing: 1) confirm you trust the Membrane project and the npm package (@membranehq/cli) because npm global installs execute upstream code; 2) understand that connecting to Forms On Fire will allow Membrane to access that service on your behalf—review and limit connector scopes in your Membrane account; 3) the skill does not ask for local API keys or secrets, and it uses a browser-based login flow; 4) because the skill can be invoked by the agent, only enable it if you’re comfortable the agent may run Membrane commands that interact with your Forms On Fire data when triggered.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bdhqywys32s9n469ajdd7th842ryv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments