ClawHub

Taskade

v1.0.0

Taskade integration. Manage data, records, and automate workflows. Use when the user wants to interact with Taskade data.

0· 87·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description say 'Taskade integration' and the SKILL.md exclusively documents using the Membrane CLI to connect to Taskade, list actions, run actions, and proxy API requests. Requiring the Membrane CLI and a Membrane account is coherent with that purpose.
Instruction Scope
Runtime instructions are focused on installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying API calls. The doc does not instruct reading unrelated files or requesting unrelated credentials. It does allow arbitrary proxied API calls through Membrane (which is expected for an integration).
Install Mechanism
There is no platform install spec; the SKILL.md instructs users/agents to run `npm install -g @membranehq/cli` (or use npx). Installing a third-party npm CLI is a normal approach for this integration but carries the usual npm trust considerations (executing remote code from the npm registry).
Credentials
The skill requests no environment variables or local secrets and relies on Membrane's browser-based login/connector flow for auth. That is proportionate for a connector-style integration. Note: using Membrane means authentication tokens and proxied request payloads are handled by the Membrane service.
Persistence & Privilege
The skill does not request always-on presence and is instruction-only. The only persistence footprint would be installing the Membrane CLI on the host (per SKILL.md), which is a normal side-effect of using a CLI-based integration.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to connect to Taskade and proxy API calls. Before installing or running it, consider the following: 1) Trust: Membrane will broker authentication and see proxied requests and potentially Taskade content — review Membrane's privacy/security docs and the CLI package source (npm/@membranehq/cli). 2) npm install risk: `npm install -g` executes third-party code — prefer using npx or pinning a known version. 3) Least privilege: when creating the Taskade connection, limit connector permissions/scopes to only what's needed. 4) Review actions: when running proxied endpoints or arbitrary actions, inspect the input/output schemas to avoid unintentionally exposing sensitive data. If you want higher assurance, ask the publisher for the exact CLI package checksum/version they expect, a link to the official Membrane docs for this connector, or a skill bundle that includes code (so a static scan can run).

Like a lobster shell, security has layers — review code before you run it.

latestvk974vvy0tg9186eavp2sjcn05984gm70

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments