ClawHub

Cyberark

v1.0.2

CyberArk integration. Manage data, records, and automate workflows. Use when the user wants to interact with CyberArk data.

0· 55·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (CyberArk integration) align with the instructions: the SKILL.md consistently describes using the MembraneCLI as a proxy to interact with CyberArk. Nothing requested (no unrelated env vars or binaries) is out of scope for a CyberArk integration that relies on a third-party connector service.
Instruction Scope
Runtime instructions are limited to installing and using the Membrane CLI, logging in, creating a connection, listing actions, running actions, and proxying requests. The instructions do not ask the agent to read local files or unrelated environment variables, nor do they direct data to unexpected endpoints beyond Membrane/CyberArk.
Install Mechanism
The skill is instruction-only and recommends installing @membranehq/cli via npm (-g). This is a normal, moderate-risk instruction (public npm package). There is no automated install spec in the registry metadata, so install is manual and under the user's control.
Credentials
The skill does not request any environment variables or credentials in the registry, and the SKILL.md explicitly relies on Membrane to manage credentials (browser-based login and server-side auth). That design is proportionate for a connector that should avoid local secret handling.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request system-wide config changes or persistent elevated privileges. Note: normal platform behavior allows autonomous invocation (disable-model-invocation is false) but that is not itself flagged and the skill is not force-included.
Assessment
This skill is coherent: it delegates auth and API calls to the Membrane service and instructs you to install the @membranehq/cli npm package. Before using it, verify you trust the Membrane service and the npm package (check the package/maintainer, repo, and package integrity). Be aware that connecting this skill to your CyberArk instance via Membrane will allow actions that can read or modify privileged data — prefer a least-privilege test account, review which connectors/actions are being granted, and avoid connecting production secrets until you confirm behavior. Installing global npm packages requires appropriate system privileges; run installs under policies you control. Finally, consider that the agent may invoke the skill when permitted—confirm you are comfortable with the agent accessing the Membrane connection you create.

Like a lobster shell, security has layers — review code before you run it.

latestvk9740yncw9hvr34917znv0f6zn842fkf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments