ClawHub

Clickhouse

v1.0.2

ClickHouse integration. Manage data, records, and automate workflows. Use when the user wants to interact with ClickHouse data.

0· 104·1 current·1 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (ClickHouse integration) match the SKILL.md, which instructs use of the Membrane CLI to manage ClickHouse connections and run queries. Nothing in the skill requests unrelated credentials, binaries, or config paths.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to ClickHouse. They do not direct the agent to read arbitrary local files, access unrelated env vars, or exfiltrate data.
Install Mechanism
The SKILL.md tells users to run `npm install -g @membranehq/cli` (a global npm install). This is expected for a CLI-based integration but has the usual cautions of installing third-party global packages—no downloads from suspicious URLs or archives are instructed.
Credentials
The skill declares no required env vars, credentials, or config paths. The instructions rely on Membrane to manage credentials server-side and explicitly advise not to ask users for API keys.
Persistence & Privilege
The skill is instruction-only, has no install spec in the registry, and does not request 'always: true' or other elevated persistence. It does not modify other skills or system-wide configs.
Assessment
This skill is instruction-only and delegates ClickHouse access to the Membrane CLI. Before installing: (1) verify you trust the Membrane project and the npm package @membranehq/cli (check the npm page, GitHub repo, and release history); (2) be aware that `npm install -g` modifies your global binaries—prefer installing in a controlled environment if you're cautious; (3) the CLI opens a browser for login and manages credentials server-side, so you should not be asked for raw API keys; (4) confirm the connector/connection IDs and inspect any JSON you pass to commands before running them. If you need a higher assurance, review the Membrane CLI source (repository linked in SKILL.md) or test in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bdgjs7g298ats7gt5fk7ra9842zre

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments