Amazon Sagemaker
v1.0.0Amazon Sagemaker integration. Manage data, records, and automate workflows. Use when the user wants to interact with Amazon Sagemaker data.
⭐ 0· 34·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Amazon Sagemaker integration) align with the instructions (use Membrane to connect, list actions, run actions, and proxy requests to SageMaker). All required resources (network access and a Membrane account) are reasonable for this purpose.
Instruction Scope
SKILL.md limits runtime actions to using the Membrane CLI (login, connect, action list/run, request). It does not instruct the agent to read unrelated files, system configs, or environment variables. Important privacy note: the instructions explicitly route API calls through Membrane's proxy, so requests and their payloads (potentially including dataset or model artifacts) will transit through and be handled by Membrane's servers.
Install Mechanism
There is no embedded install spec, but the doc tells users to run `npm install -g @membranehq/cli`. Installing a global npm package executes third‑party code on the host — a standard but non-trivial operation. This is expected for a CLI-driven integration but carries the usual risks of installing a package from the public registry.
Credentials
The skill requests no environment variables or local credentials; it explicitly advises letting Membrane handle AWS authentication rather than collecting API keys locally. That is proportionate, but it means users must trust Membrane with AWS credentials and API traffic.
Persistence & Privilege
The skill does not request always:true, does not include install-time programs, and does not modify other skills or system-wide settings. It is user-invocable and allowed to run autonomously per platform defaults, which is expected.
Assessment
This skill is coherent, but before installing or using it consider: (1) Membrane will mediate authentication and proxy your SageMaker API calls — any data, including datasets or model artifacts, may transit through Membrane; only use if you trust their service and privacy/security model. (2) The instructions ask you to run `npm install -g @membranehq/cli` — installing a global npm package runs third-party code locally; audit the package (check its npm page, maintainers, repository, recent publish history) or install in a sandbox/VM if you prefer isolation. (3) Review Membrane's docs/policies for data retention, access controls, and credential handling; if you cannot trust a third party with your AWS credentials or sensitive data, consider using official AWS tooling instead. (4) Because this is an instruction-only skill with no code included, there is limited static evidence available — if you want higher assurance, ask the publisher for provenance (package repository, package checksum, or signed releases).Like a lobster shell, security has layers — review code before you run it.
latestvk9790g4mg6x0xsa54ahfhgtpbh8450m3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.