ClawHub

Boost

v1.0.2

Boost integration. Manage data, records, and automate workflows. Use when the user wants to interact with Boost data.

0· 74·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with Boost and instructs use of the Membrane CLI to manage connections, actions, and proxy requests — this matches the stated purpose. Minor inconsistency: the SKILL.md's 'Official docs' link points to a Microsoft Semantic Kernel page which is unrelated and appears to be a copy/paste error; otherwise capabilities align with purpose.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI to authenticate, create connections, list/run actions, and proxy requests to Boost. It does not ask the agent to read unrelated files, access unrelated env vars, or transmit data to unexpected endpoints. The instructions assume network access and a Membrane account (expected).
Install Mechanism
There is no formal install spec in the manifest, but the instructions recommend installing @membranehq/cli via 'npm install -g', which pulls from the public npm registry. That is a common pattern but carries the usual npm risks (package trust, postinstall scripts, global install effects). This is moderate risk but expected for a CLI-based integration.
Credentials
The skill declares no required environment variables or credentials. Authentication is delegated to Membrane's CLI flow (browser-based login or headless code exchange), which is proportionate to the integration. Note: the CLI/session may persist credentials locally as part of normal operation — that local state is outside the skill manifest but expected for a CLI tool.
Persistence & Privilege
The skill is user-invocable and not forced-always. It does not request elevated platform privileges or claim persistent always-on behavior. The only persistence implied is installing the Membrane CLI if the user chooses to follow the instructions.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to connect to Boost and run actions. Before installing/using it: 1) Verify the @membranehq/cli npm package and its maintainer (check the npm page, version, downloads, and repository) because global npm installs execute code on your machine. 2) Confirm you trust getmembrane.com / Membrane as the identity provider since the CLI handles your Boost credentials and may store session tokens locally. 3) Be aware that the CLI opens a browser for auth or prints a code for headless flows — follow your normal security practices when authenticating. 4) Note the minor documentation inconsistency (an unrelated 'Official docs' link); if you need higher assurance, inspect the referenced GitHub repository or ask the skill author for provenance before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9759n83jtvqpgdc50h5vmj05s842ges

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments