ClawHub

Braze

v1.0.2

Braze integration. Manage data, records, and automate workflows. Use when the user wants to interact with Braze data.

0· 113·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Braze integration) matches the instructions: it tells the agent to use the Membrane CLI to connect to Braze, list/run actions, and proxy requests. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to install and run the Membrane CLI, log in, create connections, list/run actions, and proxy arbitrary Braze API calls. These instructions stay within Braze/Membrane boundaries, but include destructive operations (delete-users) and message-sending which are powerful — the agent could modify or delete production data if invoked with a live account.
Install Mechanism
There is no formal install spec; the instructions recommend `npm install -g @membranehq/cli` (public npm). Installing a global npm package is a typical way to get a CLI but carries the usual npm risks (postinstall scripts, supply-chain). This is proportional to the task but worth noting.
Credentials
No environment variables or unrelated credentials are requested. The skill expects a Membrane account and browser-based login flow; that is reasonable for delegating Braze auth to Membrane.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent privileges or system-wide configuration changes. Autonomous invocation is allowed by platform default but not indicated as escalated here.
Assessment
This skill is coherent for interacting with Braze via the Membrane CLI, but take these precautions before installing: (1) The SKILL.md recommends a global npm install — verify package authenticity (@membranehq/cli) and consider installing in an isolated environment to avoid supply-chain risk. (2) The skill will require you to log into Membrane and authorize access to Braze; review what permissions are granted. (3) Several actions can change or delete production data (send-messages, delete-users, update-subscription-status) — avoid running destructive actions on live accounts without explicit user confirmation. (4) If you allow an autonomous agent to invoke this skill, limit its scope or permissions for safety. If you want additional assurance, confirm the Membrane CLI package/repo and the connector configuration before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk970w3d2syecd34g5hq9w04zf5843msw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments