ClawHub

Softledger

v1.0.0

SoftLedger integration. Manage data, records, and automate workflows. Use when the user wants to interact with SoftLedger data.

0· 58·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (SoftLedger integration) matches the instructions: all runtime steps use the Membrane CLI to connect to SoftLedger and run actions or proxy API requests. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md stays on-topic: it tells the agent to install and use @membranehq/cli, log in, create or list connections, list and run actions, and proxy requests. It does not instruct reading arbitrary files, harvesting environment variables, or exfiltrating data to unexpected endpoints.
Install Mechanism
The skill is instruction-only (no bundled install spec), but recommends installing the Membrane CLI via `npm install -g @membranehq/cli` (and suggests npx). Installing a global npm package is a reasonable choice for a CLI but requires trusting the npm package and grants it filesystem/exec presence on the system — a normal tradeoff for CLI-based integrations.
Credentials
No environment variables, config paths, or credentials are declared or required by the skill. The instructions explicitly rely on Membrane to handle authentication rather than asking the user for SoftLedger API keys, which is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request permanent presence (always:false) and is instruction-only with no embedded code that would modify agent configs. Autonomous invocation is allowed by default but is not combined with other concerning privileges here.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to access SoftLedger. Before installing or using it, consider the following: - Installing the Membrane CLI requires running `npm install -g @membranehq/cli` (or using npx). Only install packages you trust from the npm registry and be aware that global CLI installs affect your system PATH. - The Membrane account you use will be able to access SoftLedger data on your behalf. Follow least-privilege practice: use an account or connection with limited permissions and review what scopes/access the connection grants. - Because the skill relies on a third-party service (Membrane) to mediate API access, review Membrane's privacy/security documentation and the repository/homepage links if you need stronger assurance. - If you do not want the agent to invoke this skill autonomously, restrict model/agent permissions or disable autonomous skill invocation in your agent configuration. Overall this skill is coherent and low-risk from an internal-consistency perspective, but you should still vet the Membrane CLI/package and the account permissions before granting access.

Like a lobster shell, security has layers — review code before you run it.

latestvk975vz1n70gqf12x45gr1kbx3s84a9jd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments