ClawHub

Dapr

v1.0.0

Dapr integration. Manage data, records, and automate workflows. Use when the user wants to interact with Dapr data.

0· 55·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares it integrates with Dapr via Membrane and all runtime instructions revolve around installing and using the @membranehq/cli to discover connections, run actions, and proxy requests to Dapr. The requested capabilities (network access, Membrane account) match the stated purpose.
Instruction Scope
SKILL.md only instructs the agent/user to install the Membrane CLI, authenticate via browser, list/connect to Dapr connectors, run actions, and proxy requests. It does not ask for unrelated files, environment variables, or system-wide configuration beyond normal CLI use.
Install Mechanism
This is an instruction-only skill (no install spec in metadata), but it tells users to install a global npm package (@membranehq/cli). Installing a global npm package executes code on the host and carries standard supply-chain risk; this is expected for a CLI-based integration but worth noting and verifying package provenance before installation.
Credentials
The skill requests no environment variables or credentials itself and relies on Membrane to handle auth. That is proportionate: a proxy/connector-oriented integration should use the connector's auth rather than requesting unrelated secrets.
Persistence & Privilege
The skill is not always-included and does not request elevated persistent privileges or modification of other skills. It only instructs use of a third-party CLI and runtime interactions with Membrane; autonomy is allowed (normal) but not combined with broad privileges.
Assessment
This skill is coherent: it uses Membrane's CLI to talk to Dapr and does not ask for unrelated secrets. Before installing, verify the @membranehq/cli package and publisher (npm listing, npmjs.org, repo) because installing a global npm package runs code on your machine. Prefer using Membrane's pre-built actions rather than raw proxy requests when possible (proxy can send arbitrary requests and data). If you have security concerns, run the CLI in a controlled environment (container or dedicated VM) and review Membrane's privacy/auth docs and the CLI source on GitHub before granting account access.

Like a lobster shell, security has layers — review code before you run it.

latestvk975fbsw777zd4ytcpn933qzkx84bxj6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments