ClawHub

Lightspeed Ecom

v1.0.0

Lightspeed eCom integration. Manage data, records, and automate workflows. Use when the user wants to interact with Lightspeed eCom data.

0· 28·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description state Lightspeed eCom integration and the SKILL.md instructs using the Membrane CLI to connect, run actions, and proxy API requests — this is coherent and proportionate to the stated purpose.
Instruction Scope
Instructions are narrowly scoped to installing/using the Membrane CLI, creating connections, listing actions, and proxying requests. They do not direct the agent to read unrelated files or environment variables. Note: the CLI requires a login flow (browser or headless code exchange); the doc claims Membrane handles auth server-side but the CLI still initiates interactive login and will manage tokens — users should verify how/where those tokens are stored by the CLI.
Install Mechanism
No install spec in the skill bundle; users are told to install @membranehq/cli via npm (npm install -g or npx). This is a standard public-registry installation (moderate risk compared with no install), and consistent with needing a CLI. Verify the npm package and source (repository/homepage) before installing globally.
Credentials
The skill declares no required environment variables or credentials. All auth is routed through Membrane connections and a browser-based login flow per the SKILL.md, which is proportionate to the integration purpose.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent elevated privileges or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other red flags here.
Assessment
This skill is instruction-only and uses the Membrane CLI to access Lightspeed eCom, which is consistent with its description. Before installing or running it: verify the @membranehq/cli npm package and the listed repository/homepage (check npmjs.org and the GitHub repo for authenticity and recent activity); be aware the CLI performs an interactive login (browser or headless code flow) and may store tokens locally — inspect where tokens are kept and the CLI's privacy/security docs; prefer using npx for a one-off execution if you don't want a global install; and review the permissions the Membrane connection requests when you authenticate (only grant what you need). If you need higher assurance, ask the skill author for an explicit explanation of token storage and a link to the exact npm package and GitHub release used.

Like a lobster shell, security has layers — review code before you run it.

latestvk979gs9xceg45vwewd5dwq2wnn847szc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments