ClawHub

Wayfront

v1.0.1

Connect to a Wayfront workspace via MCP and query business data — clients, orders, tickets, subscriptions, invoices, and more. Schema-first: discovers availa...

0· 95·0 current·0 all-time
by@wayfront-bot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, the SKILL.md guidance, and the declared primary credential (WAYFRONT_MCP_TOKEN) all align: the skill is designed to discover MCP tool schemas and call list/show endpoints for clients, orders, tickets, invoices, subscriptions, etc. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions are schema-first and limited to calling Wayfront MCP tools (list/show, filters, pagination). The document does not instruct reading unrelated files, environment variables, or transmitting data to third-party endpoints. Error handling and workflows focus on the Wayfront API.
Install Mechanism
This is an instruction-only skill with no install spec or code files (low-risk). The SKILL.md mentions `install: clawhub install wayfront` in its header, but the registry entry provides no install artifact — this is a documentation-only reference rather than an installer payload. No remote downloads or archive extracts are present.
Credentials
Only a single primary credential (WAYFRONT_MCP_TOKEN) is required, which is appropriate for an API-integration skill. No additional unrelated secrets or config paths are requested.
Persistence & Privilege
Skill is not marked always: true and requests no system-level config changes. Model invocation is allowed (the platform default) but that is expected for an API integration skill. No evidence it modifies other skills or global agent settings.
Assessment
This skill appears to be what it says: a schema-driven Wayfront MCP query helper that needs a WAYFRONT_MCP_TOKEN. Before installing, provision a least-privilege token (read-only if possible) scoped to the workspace you intend to access. Confirm token scope and rotate/revoke it if you stop using the skill. Note the SKILL.md references a `clawhub install` command but no installer is bundled in the registry entry — treat that as documentation rather than an automatic downloader. Finally, if you allow the agent to call skills autonomously, be aware the agent could query workspace data using the provided token; limit the token scope and monitor workspace access/audit logs accordingly.

Like a lobster shell, security has layers — review code before you run it.

latestvk973epsjah4hbak450jphsa29h83259b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Primary envWAYFRONT_MCP_TOKEN

Comments