ClawHub

Pdfmonkey

v1.0.2

PDFMonkey integration. Manage Documents, Audits. Use when the user wants to interact with PDFMonkey data.

0· 98·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PDFMonkey integration) match the instructions: all guidance is about installing and using the Membrane CLI to connect to and call PDFMonkey. No unrelated services, env vars, or files are requested.
Instruction Scope
SKILL.md instructs the agent/user to install and run the Membrane CLI, create connections, list actions, run actions, and (optionally) proxy raw API requests via Membrane. These steps are within the scope of a PDFMonkey integration, but they will send request payloads and metadata through Membrane's infrastructure — the user should be aware their PDF data and API requests transit Membrane.
Install Mechanism
This is an instruction-only skill (no install spec). It recommends installing @membranehq/cli globally via npm (npm install -g). That is a standard approach but brings the usual supply-chain considerations for npm global packages; nothing in the skill attempts to download arbitrary code from unknown URLs.
Credentials
The skill declares no required env vars or secrets and explicitly advises against asking users for API keys (it relies on Membrane's managed auth). The lack of requested credentials is proportionate to the described workflow.
Persistence & Privilege
always is false and the skill does not request persistent or cross-skill configuration or elevated privileges. It relies on the user's explicit CLI login/connection steps.
Assessment
This skill appears coherent: it delegates auth and API calls to the Membrane CLI rather than asking for API keys. Before installing/using it, consider: (1) installing a global npm CLI has normal supply-chain risks—prefer installing a specific audited version or using an isolated environment; (2) all requests and document data will transit Membrane's servers, so review Membrane's privacy/security and the connector permissions; (3) when running actions, inspect the action IDs and input you send to avoid unintentionally exposing sensitive fields; (4) if you need stricter guarantees, consider using direct PDFMonkey credentials and calls (outside Membrane) or reviewing Membrane's source and org.

Like a lobster shell, security has layers — review code before you run it.

latestvk975pcmjpx5dh1bwaftswq8ktn8437dh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments