ClawHub

Basecone

v1.0.0

Basecone integration. Manage data, records, and automate workflows. Use when the user wants to interact with Basecone data.

0· 53·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say 'Basecone integration' and the runtime instructions use the Membrane CLI to connect to Basecone and run/proxy API calls. No unrelated credentials, binaries, or capabilities are requested.
Instruction Scope
SKILL.md only describes installing and using the Membrane CLI, logging in, creating/listing connections, running published actions, and proxying requests to the Basecone API. It does not instruct reading unrelated files, exfiltrating data, or accessing unrelated environment variables.
Install Mechanism
The registry contains no automated install spec (low static risk), but the instructions ask the user to run a global npm install (npm install -g @membranehq/cli). Installing an npm package globally runs remote code from the npm registry, which is normal for CLIs but carries the usual supply-chain risk—verify the package/org and prefer npx or pinned versions if you want less global footprint.
Credentials
The skill requests no environment variables or secrets. It explicitly directs the user to use Membrane-managed connections rather than local API keys, which is proportionate for a connector-style integration.
Persistence & Privilege
The skill is instruction-only, has no 'always' privilege, and does not request persistent system-level access or modify other skills/config. Autonomous invocation is allowed by default (normal) but does not combine with any other concerning privileges here.
Assessment
This skill appears coherent: it uses the Membrane CLI to interact with Basecone and does not ask for extra credentials. Before installing/using it, verify you trust the @membranehq package (check npm/org and the homepage), consider using npx or pinning a specific version instead of a global install to reduce global code execution, and be aware that running the CLI requires network access and a Membrane account (authentication occurs via your browser). The absence of static scan findings is expected for an instruction-only skill but is not a guarantee of safety—only install/run software you trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk9739dyy9dwdsppt2xmzr9c7a584a4jw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments