ClawHub

Shipstation

v1.0.2

ShipStation integration. Manage Orders, Products, Customers, Warehouses, Users, Stores and more. Use when the user wants to interact with ShipStation data.

0· 64·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is an instruction-only ShipStation integration that routes calls through the Membrane CLI. Required actions (connecting, running actions, proxying requests) match the stated purpose of interacting with ShipStation data.
Instruction Scope
SKILL.md only instructs the agent/operator to install and use the Membrane CLI, perform login flows, create connections, run actions, and proxy requests to ShipStation. It does not instruct reading unrelated local files, system config, or unrelated credentials.
Install Mechanism
There is no automated install spec in the registry (instruction-only), but the instructions ask users to run `npm install -g @membranehq/cli`. Installing a global npm package is a legitimate but non-trivial action and requires trusting the upstream package on npm.
Credentials
The skill declares no required env vars or credentials; authentication is delegated to Membrane. This is proportionate to the skill's purpose, but it means users must trust Membrane to hold/refresh ShipStation credentials and proxy API traffic.
Persistence & Privilege
The skill is not force-installed (always: false) and doesn't request system-level persistence or modify other skills. Autonomous invocation is allowed by default (disable-model-invocation: false), which is normal for skills and not itself flagged.
Assessment
This skill is coherent but depends on the Membrane service and its CLI. Before installing or using it: 1) Verify the @membranehq/cli package on npm (publisher, recent versions, popularity) and prefer installing from a trustworthy environment; avoid running global installs in sensitive machines without vetting. 2) Understand that Membrane will hold ShipStation credentials and proxy requests — review Membrane's privacy/security policy and the CLI code/repository if you require higher assurance. 3) In headless or shared environments, be cautious with browser-based auth flows and pasted auth codes. 4) If you need offline or self-hosted guarantees, request more details or a direct ShipStation-based integration instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a1j0n041fbj0kgd5kr3ynb9842492

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments