ClawHub

Bright Security

v1.0.0

Bright Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bright Security data.

0· 53·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Bright Security integration) match the instructions: the SKILL.md tells the agent to use the Membrane CLI to discover connectors, create connections, run actions, or proxy requests to the Bright Security API. No unrelated services, credentials, or files are requested.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, performing connector discovery, creating connections via browser-based auth, running actions, and proxying API requests. They do not instruct reading local credentials or unrelated system files, nor do they direct data to unexpected endpoints beyond Membrane/Bright Security.
Install Mechanism
The skill recommends installing @membranehq/cli via npm -g and also shows npx usage. Installing an npm package and using npx fetches third-party code from the public registry (moderate trust required). This is expected for a CLI integration but carries the usual supply-chain risk of npm packages and the elevated scope of a global install.
Credentials
No environment variables, local config paths, or credentials are requested by the skill. The workflow relies on Membrane-managed connections (browser auth) rather than asking for API keys locally, which is proportionate to the stated purpose.
Persistence & Privilege
Skill is instruction-only, has no install spec in the package, and does not request 'always: true' or persistent elevated privileges. Autonomous invocation (model invocation enabled) is the platform default and not, by itself, a concern.
Assessment
This skill is coherent: it tells you to install and use the Membrane CLI to integrate Bright Security and does not ask for unrelated secrets. Before installing, verify the @membranehq/cli package and the Membrane service (getmembrane.com) are the official projects you expect. Consider these precautions: (1) prefer running a pinned CLI version (npx @membranehq/cli@<version>) instead of pulling latest to reduce supply-chain risk; (2) review the npm package owner and recent release history; (3) be mindful that npm -g modifies your environment—avoid running it as root on shared machines; (4) when creating connectors, check what data/permissions the connector will have access to in Bright Security; and (5) if you use CI/headless systems, follow the documented headless auth flow carefully and avoid exposing any codes or tokens in logs. If you need higher assurance, ask the skill author for a signed source repo or an official confirmation that the CLI and connector IDs are legitimate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dfsza9arz89dyqfgca4rtkx84a8wg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments