ClawHub

Zoho Sign

v1.0.2

Zoho Sign integration. Manage data, records, and automate workflows. Use when the user wants to interact with Zoho Sign data.

0· 95·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Zoho Sign integration) matches the instructions (use Membrane CLI to create connections, list actions, run actions, and proxy requests to Zoho Sign). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, logging in via browser, creating a connector/connection, listing/running actions, or proxying requests to Zoho Sign. It does not ask the agent to read unrelated files, access unrelated env vars, or exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). It recommends installing @membranehq/cli via npm -g. Requiring a global npm package is reasonable for CLI usage but carries the usual trust risk of third-party npm packages; verify the package owner and repository before installation.
Credentials
No environment variables or credentials are declared or requested. SKILL.md explicitly instructs not to ask users for API keys and to let Membrane handle auth, which is proportionate for this integration.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and uses normal autonomous-invocation defaults. No elevated persistence or privileges are requested.
Assessment
This skill appears to do what it says: it uses Membrane's CLI as a proxy to Zoho Sign. Before installing/using the CLI, verify the @membranehq/cli npm package and its GitHub repo (ensure publisher and repo match), and confirm the getmembrane.com / membrane project is the intended provider. When you create a connection, review the OAuth scopes/permissions requested for Zoho Sign and grant least privilege. Avoid pasting secrets into chat; follow the login flow in a browser as instructed. If you prefer not to install a global npm package, consider running the CLI via npx to avoid global installs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c5dsgjyqq937a7y6h8y0ke5842bhb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments