ClawHub

Vindicia

v1.0.0

Vindicia integration. Manage data, records, and automate workflows. Use when the user wants to interact with Vindicia data.

0· 50·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares Vindicia integration and instructs the user to use the Membrane CLI to connect, discover, and run Vindicia actions. The required network access and Membrane account match that purpose; no unrelated credentials or system access are requested.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, creating connections, listing/running actions, and proxying requests through Membrane. This stays within the stated scope. Note: proxying requests via Membrane means request payloads and responses will transit Membrane's service — consider privacy of any sensitive data you send.
Install Mechanism
There is no registry install spec (this is instruction-only). The guide recommends npm install -g @membranehq/cli (a public npm package). Using a third-party global npm install is a normal but moderately sensitive step — it writes a binary to your system PATH and pulls code from npm. Verify the package and repository before installing; prefer npx for one-off use if you want to avoid a global install.
Credentials
The skill requests no environment variables or credentials locally and relies on Membrane to manage auth. That is proportionate to its purpose. There are no hidden requests for unrelated secrets or config paths in the instructions.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges or modify other skills. Normal autonomous invocation is allowed (platform default). The skill does not ask to store secrets or alter system-wide agent settings.
Assessment
This skill appears to do what it says: it delegates Vindicia work to Membrane's CLI. Before installing or using it, verify the @membranehq/cli package and its GitHub repo (ensure the publisher is legitimate), and be aware that requests and credentials are proxied through Membrane's service (so avoid sending highly sensitive data unless you trust their privacy/security posture). If you prefer not to install a global npm package, use npx for one-off runs or run the CLI in a controlled environment. No local secrets or unusual system access are requested by the skill itself.

Like a lobster shell, security has layers — review code before you run it.

latestvk975fsmnwfhyftpe70vesgemgh84eaep

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments