ClawHub

Leadfeeder

v1.0.2

Leadfeeder integration. Manage Leads, Persons, Organizations, Users, Filters. Use when the user wants to interact with Leadfeeder data.

0· 92·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the skill tells the agent to use the Membrane CLI to connect to Leadfeeder, list connections, run actions, and proxy API calls. Requiring the Membrane CLI and a Membrane account is proportional to integrating with Leadfeeder via Membrane.
Instruction Scope
SKILL.md contains step-by-step CLI usage (install CLI, login via browser, create connections, run actions, proxy requests). It does not instruct reading arbitrary host files, scanning environment variables, or exfiltrating data to third-party endpoints beyond Membrane/Leadfeeder. Headless and browser-based login flows are documented and expected.
Install Mechanism
There is no enforced install spec in the skill bundle (instruction-only). It recommends 'npm install -g @membranehq/cli' which is a common but privileged operation (installing and running third-party code globally). This is expected for a CLI-based integration but users should verify the package and publisher before installing.
Credentials
The skill declares no required env vars or credentials and explicitly states Membrane handles authentication server-side. That is proportionate: the integration uses Membrane-managed connections rather than asking for direct API keys.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent agent-wide privileges or modify other skills. Autonomous invocation is allowed by default but not combined with other red flags here.
Assessment
This skill is internally consistent: it directs you to use the Membrane CLI to authenticate and proxy requests to Leadfeeder rather than asking for raw API keys. Before installing or using it, verify the @membranehq/cli package and publisher on npm and GitHub, review Membrane's privacy/security docs, and ensure you are comfortable granting Membrane access to the Leadfeeder account you connect. Installing a global npm package runs third-party code on your machine — prefer installing in a controlled environment or verifying the package checksum/source if you have security concerns. Finally, be aware the login flow opens a browser (or prints a URL for headless flows) to authorize access; confirm the connection IDs and permissions created match what you intend.

Like a lobster shell, security has layers — review code before you run it.

latestvk978r03zjshwdct7f8zakrpn3d842w2x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments