ClawHub

Pushbots

v1.0.0

PushBots integration. Manage data, records, and automate workflows. Use when the user wants to interact with PushBots data.

0· 49·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (PushBots integration) match the instructions: all operations are performed via the Membrane CLI which acts as a proxy/connector to PushBots. There are no extraneous required env vars, binaries, or config paths that don't belong to a connector-style integration.
Instruction Scope
SKILL.md only instructs using the Membrane CLI (login, connect, action list/run, and proxy requests). It does not ask the agent to read unrelated files, harvest local credentials, or send data to unexpected endpoints. The proxy feature means requests go through Membrane's service (documented in the file), which is expected for this design.
Install Mechanism
There is no registry install spec, but SKILL.md tells users to install @membranehq/cli via npm -g. Installing a global npm package runs third-party code on the host (moderate risk); this is proportional to the stated purpose but the user should verify the package source and prefer npx when possible to avoid persistent global installs.
Credentials
The skill declares no required environment variables or secrets. It relies on Membrane to handle authentication server-side, which aligns with the guidance in SKILL.md. No unrelated credentials are requested.
Persistence & Privilege
The skill is not forced-always and is user-invocable. It does not request persistent system-level presence, nor does it modify other skills or system-wide settings.
Assessment
This skill appears coherent, but before installing: 1) Verify the npm package scope (@membranehq) and package integrity on npm/github; 2) Prefer using npx or a non-global install if you want to avoid installing third-party code globally; 3) Be aware that API calls and data will be proxied through Membrane's service (review their privacy/security docs if you'll transmit sensitive data); 4) During headless login you may need to paste short-lived codes—do not share long-term credentials. If any of these points are unacceptable, do not install/use the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk979b4t3k633g6zrr0d97hpmxs84ejev

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments