ClawHub

Snatchbot

v1.0.0

SnatchBot integration. Manage data, records, and automate workflows. Use when the user wants to interact with SnatchBot data.

0· 92·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name and description (SnatchBot integration) align with the runtime instructions: all operations are performed via the Membrane CLI which acts as a connector/proxy to SnatchBot. Minor inconsistency: the package requires installing the Membrane CLI (npm) but the registry metadata contains no install spec; this is an authoring omission rather than a capability mismatch.
Instruction Scope
SKILL.md instructs the agent to install and run the @membranehq/cli, perform membrane login, create connections, list and run actions, and use a membrane proxy to send arbitrary requests to SnatchBot. All steps are within the stated purpose, but the proxy capability means arbitrary API calls (and data) will flow through Membrane — a relevant privacy/trust consideration.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md directs users to install a third-party npm package globally (npm install -g @membranehq/cli) or use npx. Installing a CLI from the public npm registry is a moderate-risk action (writes binaries to disk and executes third-party code) but is proportionate here because the skill depends on that CLI to authenticate and proxy requests.
Credentials
The skill requests no environment variables or local credentials. Instead it delegates auth to Membrane (membrane login / connect). This is proportionate for a connector-style integration. Note: delegating auth to an external service means the service will hold tokens/credentials on behalf of the user — assess whether you trust Membrane to handle those secrets and proxied data.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and makes no persistent system-wide claims. It relies on the Membrane CLI and user-initiated login flows; autonomous invocation is allowed by default but not combined with other concerning privileges.
Assessment
This skill is coherent: it uses the Membrane CLI to talk to SnatchBot and does not request unrelated secrets. Before installing, consider: 1) You will need to install a third-party CLI (npm global install is suggested); prefer using npx or review the package source on GitHub first. 2) Membrane will broker authentication and proxy your API calls — any data you send to SnatchBot through this skill will also transit (and likely be stored/handled) by Membrane. If you handle sensitive data, review Membrane’s privacy/security policies and the connector’s permissions. 3) Because SKILL.md (not the registry metadata) tells you to install the CLI, verify the CLI package and the repository (https://github.com/membranedev/application-skills and https://getmembrane.com) before proceeding. If you want lower risk, run CLI commands manually in a sandbox or use least-privilege test accounts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fhb687d9h22mymrgabfq0x584g9ex

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments