ClawHub

Jumpseller

v1.0.2

Jumpseller integration. Manage Stores. Use when the user wants to interact with Jumpseller data.

0· 97·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: all runtime steps call the Membrane CLI to discover connectors, create connections, run actions, or proxy requests to the Jumpseller API. Nothing requests unrelated services or credentials.
Instruction Scope
Instructions are focused on installing and using the Membrane CLI, authenticating via browser, creating a connection, listing and running actions, and using a proxy to call Jumpseller endpoints. This stays within the stated purpose, but the proxy capability lets the user (or agent using the skill) send arbitrary requests to the Jumpseller API via Membrane — so the user must trust Membrane with full store access and any proxied payloads.
Install Mechanism
No install spec is embedded in the skill bundle (instruction-only), but SKILL.md instructs users to run `npm install -g @membranehq/cli`. Installing a global npm package is a normal approach but carries the usual risks of third‑party packages; users should verify the package origin and integrity before installing.
Credentials
The skill declares no required env vars or credentials. It relies on Membrane for authentication and credential management (browser login/connection flow). The requested access is proportionate to the task, but it implies trusting Membrane to hold and refresh Jumpseller credentials server-side.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and does not require persistent config paths. It operates at runtime via CLI commands and user/browser auth, which is appropriate for this integration.
Scan Findings in Context
[no-findings] expected: This is an instruction-only skill with no code files, so the regex scanner had nothing to analyze. The absence of findings is expected but not evidence of safety; the security surface is the external Membrane service and the CLI the instructions ask you to install.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to access Jumpseller. Before installing or using it, verify you trust the Membrane project and the @membranehq/cli npm package (check the npm publisher, linked GitHub repo, and homepage). Understand that Membrane will handle and store your Jumpseller credentials and can proxy arbitrary API requests on your behalf — only grant access if you are comfortable with that level of access. Prefer the documented browser-based connection flow (do not hand over raw API keys unless you know why). If you need stronger assurance, inspect the Membrane project's source and npm package signing, or use an organizational account/policy that limits third-party access to production store data.

Like a lobster shell, security has layers — review code before you run it.

latestvk979sms3va3y7550hzs7afmhex843fsc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments