Sage 300
v1.0.0Sage 300 integration. Manage data, records, and automate workflows. Use when the user wants to interact with Sage 300 data.
⭐ 0· 95·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The skill declares itself as a Sage 300 integration and the SKILL.md exclusively documents using the Membrane CLI to connect, discover actions, run actions, and proxy raw API requests to Sage 300. Requiring network access and a Membrane account aligns with that purpose. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
All runtime instructions are calls to the Membrane CLI (login, connect, action list/run, request proxy). The instructions do not ask the agent to read arbitrary local files, environment variables, or other system state. One operational note: the skill explicitly routes API requests through Membrane's proxy (so Sage 300 data is sent to Membrane as part of normal operation); this is expected for this design but important for user privacy and trust decisions.
Install Mechanism
There is no registry install spec and no code bundled with the skill (instruction-only). The SKILL.md recommends installing the @membranehq/cli via npm as a user step. That is a normal, low-risk guidance (user-run), not an automated or opaque download from an unknown host.
Credentials
The skill requests no environment variables or local credentials in the registry, which is consistent. However, it depends on a Membrane account and uses Membrane to manage auth and to proxy requests — meaning Sage 300 data and authentication flows will transit Membrane's service. While this is coherent with the described architecture, users should assess whether sending ERP data and delegated auth tokens to Membrane (getmembrane.com) is acceptable for their security/privacy requirements.
Persistence & Privilege
always is false, there is no install-time persistence in the registry, and the skill contains no code that would write files or alter other skills. Model invocation is allowed (the platform default) which is normal for an integration skill.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to connect to Sage 300 and proxy requests. Before installing or using it, verify you trust Membrane (getmembrane.com) because Sage 300 data and authentication flows will pass through their proxy. Consider: (1) review Membrane's privacy/security docs and terms, (2) validate the @membranehq/cli package source (official npm/org and GitHub repo) before npm installing globally, (3) avoid testing on sensitive production data until you confirm data handling meets your policy, and (4) if your organization requires, get admin approval for third‑party proxying of ERP data. If you want stronger guarantees, request a version that runs direct-to-Sage-300 with customer-controlled credentials instead of proxying through Membrane.Like a lobster shell, security has layers — review code before you run it.
latestvk976808myebbwvv67m9h5s889n84hc8z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.