ClawHub

Paystand

v1.0.0

Paystand integration. Manage data, records, and automate workflows. Use when the user wants to interact with Paystand data.

0· 59·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the runtime instructions: the skill is an integration that uses the Membrane CLI to interact with Paystand. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md stays within the integration scope: it describes installing the Membrane CLI, logging in, creating connections, listing/running actions, and proxying API requests via Membrane. It does not instruct reading unrelated files or environment variables.
Install Mechanism
The skill instructs the user to run a global npm install (npm install -g @membranehq/cli). This is expected for a CLI-based integration but carries the usual risks of installing a global npm package (trusting the package/maintainer and giving a binary on PATH). The skill itself has no install spec and does not perform automatic downloads.
Credentials
No environment variables, secrets, or config paths are requested. The SKILL.md explicitly advises against asking users for API keys and relies on Membrane to manage auth, which is proportionate to the described behavior.
Persistence & Privilege
always is false and there are no indications the skill attempts to persist or modify other skills or system-wide settings. It requires explicit user actions (installing CLI, logging in) to operate.
Assessment
This skill appears to be what it says: a Paystand integration that uses the Membrane CLI. Before installing: (1) verify the @membranehq/cli package and its maintainer on npm or GitHub so you trust the binary you're adding to PATH; (2) be aware Membrane will proxy requests and manage Paystand credentials server-side — ensure you trust Membrane with access to your Paystand account and review their privacy/terms; (3) follow the interactive browser-based login flow rather than pasting keys into local scripts; (4) if you are concerned about autonomous agent execution, note the skill allows model invocation by default — disable model invocation in your agent settings if you want to prevent automatic use. Overall the components are coherent and proportionate to the stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e3zq09wfzze6khgh2rs731d84ar0q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments