ClawHub

Reachmail

v1.0.2

ReachMail integration. Manage Campaigns, Templates, Reports, Users, Roles. Use when the user wants to interact with ReachMail data.

0· 76·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill describes a ReachMail integration and all runtime instructions use the Membrane CLI to discover connectors, create connections, run actions, or proxy to the ReachMail API — this matches the stated purpose.
Instruction Scope
SKILL.md instructs only to install and run the Membrane CLI, create connections via browser-based OAuth flows, list actions, and proxy API calls. It does not instruct reading unrelated files, exporting environment variables, or exfiltrating data to unknown endpoints.
Install Mechanism
There is no formal install spec in the registry, but the instructions tell the user to run `npm install -g @membranehq/cli` (and use `npx` in examples). This is a moderate-risk operation because it installs/executes third-party npm code on the host; it is proportionate for a CLI-driven integration but should be reviewed before installation.
Credentials
The skill declares no required environment variables or credentials and explicitly tells the agent to use Membrane-managed connections instead of asking for API keys, which is proportionate to the stated functionality.
Persistence & Privilege
Skill does not request always:true and has no install-time persistence configured. It does instruct users to install a CLI, but it does not itself demand elevated or permanent platform privileges.
Assessment
This skill appears coherent: it uses the Membrane CLI to talk to ReachMail and does not ask for unrelated secrets. Before installing, verify you trust the Membrane project (@membranehq on npm and getmembrane.com), prefer using `npx` or inspecting the npm package contents rather than a global install, and perform CLI installs in an isolated environment if you have security concerns. If you don't trust Membrane, do not run the npm install or create connections — instead ask for a skill variant that can work with explicit, auditable API credentials or an approved SDK. If you want to limit autonomous behavior, consider disabling model invocation for this skill in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97az0j23gd9krp6cegqsz6bs1842wq5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments