ClawHub

Chef

v1.0.2

Chef integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chef data.

0· 92·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Chef integration) align with instructions: all work is done via the Membrane CLI and Membrane connections to Chef. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md keeps scope to installing and using the Membrane CLI, creating connections, listing/running actions, and proxying Chef API calls. It does not instruct reading local files, unrelated env vars, or exfiltrating data to third-party endpoints beyond Membrane (which is expected for a proxy-based integration).
Install Mechanism
There is no registry install spec; the README instructs users to run `npm install -g @membranehq/cli` (and npx). Installing a global npm CLI is reasonable for this integration, but installing any third-party npm package runs code on the host — the user should trust the @membranehq package before installing.
Credentials
The skill declares no required env vars or credentials and relies on Membrane-managed connections and browser-based login. That matches the stated design (Membrane handles auth server-side).
Persistence & Privilege
The skill is instruction-only, has no 'always' flag, and does not request system-level persistence or modify other skills. Autonomous invocation is allowed (platform default) but not combined with elevated privileges here.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to manage Chef via a proxied connection. Before installing or running it: (1) verify you trust the @membranehq npm package and its publisher because a global npm install runs code on your machine; (2) understand that Chef API traffic will be proxied through Membrane — review Membrane's privacy/security and your organization's policies before exposing sensitive infrastructure data; (3) if you don't want the agent to call this skill autonomously, disable model invocation for this skill in your agent settings or require explicit user invocation; and (4) in restricted or air-gapped environments, avoid installing third-party CLIs without approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d2kd0s3hnq8j7x8j6x54sqh8432rt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments