ClawHub

Niceboard

v1.0.2

Niceboard integration. Manage data, records, and automate workflows. Use when the user wants to interact with Niceboard data.

0· 92·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Niceboard integration) match the runtime instructions which teach the agent to use the Membrane CLI to connect to Niceboard and run actions or proxy API requests. Nothing requested by the SKILL.md (network access and a Membrane account) is unexpected for this purpose.
Instruction Scope
The SKILL.md instructs installing and using the Membrane CLI, performing browser-based login, creating connections, listing actions, running actions, and proxying requests. All actions are within the stated purpose. It does direct network requests via Membrane's proxy (expected), and instructs installing global CLI tools — which affects the host but is in-scope for the integration.
Install Mechanism
No install spec in the registry bundle (instruction-only). SKILL.md recommends an npm global install (npm install -g @membranehq/cli) and shows npx usage. Installing a public npm CLI is a reasonable choice for this skill but carries the usual trust/risk of third‑party npm packages (global install modifies host PATH).
Credentials
The skill declares no required environment variables or credentials; instead it relies on Membrane's browser-based login and server-side credential management. That is proportionate to the described integration and avoids asking for local API keys.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges in the bundle. As an instruction-only skill, it does not write files or modify other skill configs itself — any persistence comes from the optional Membrane CLI installation, which is a normal user action.
Assessment
This skill is instruction-only and coherent with its purpose, but before following the instructions: (1) verify the Membrane project and npm package (@membranehq/cli) are the official vendor (check the GitHub repo and package publisher); (2) prefer using npx for one-off usage if you don't want a global install; (3) be aware that authentication is performed via Membrane (a third-party service) and Membrane will broker API requests and hold credentials server-side — only proceed if you trust that service; (4) when running membrane login, review the requested permissions in the browser and avoid pasting secrets into the terminal; (5) consider testing the CLI in an isolated environment (container or VM) if you want to limit changes to your host. Overall the skill looks coherent and not disproportionate, but trust in the external Membrane service and the npm package is the main decision point.

Like a lobster shell, security has layers — review code before you run it.

latestvk975xhefmqsf2x2e5cpxbnvmn1843nc6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments