ClawHub

Oh Dear

v1.0.0

Oh Dear! integration. Manage data, records, and automate workflows. Use when the user wants to interact with Oh Dear! data.

0· 68·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares an Oh Dear! integration and all runtime instructions use the Membrane CLI to connect to Oh Dear!, list actions, run actions, and proxy requests. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
SKILL.md limits actions to installing and using the Membrane CLI, creating a connection, discovering actions, running actions, and proxying API requests. It does not instruct reading local secrets, system files, or unrelated environment variables. The proxy capability allows arbitrary API calls to Oh Dear! via Membrane, which is expected for this integration.
Install Mechanism
There is no platform install spec; the docs instruct the user to run `npm install -g @membranehq/cli` or to use npx. Installing a public npm CLI is reasonable for this skill, but global npm installs require trusting the package and registry. The skill itself does not automatically download or execute code on install.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The SKILL.md explicitly defers auth to Membrane and advises not to ask the user for API keys, which is proportional for a connector-based integration.
Persistence & Privilege
The skill is instruction-only, does not request 'always' presence, and does not modify other skills or system-wide config. It requires user action to install and authenticate, so it does not gain elevated persistent privileges automatically.
Assessment
This skill is coherent: it uses the Membrane CLI to access Oh Dear! and does not request local secrets. Before installing, verify you trust the @membranehq CLI package and the Membrane service (review npm package ownership and the Membrane privacy/security docs). When you connect, review the OAuth/scopes presented so you understand what access you grant to Membrane. Prefer using npx or a scoped install if you want to avoid a global npm install, and run the CLI from an account with minimal privileges. Finally, remember that Membrane will proxy arbitrary API requests to Oh Dear! for any action you run, so only run actions/requests you trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk972kt176xsgfzgm43fe42002s84axgn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments