ClawHub

Dynatrace Api

v1.0.2

Dynatrace API integration. Manage Organizations. Use when the user wants to interact with Dynatrace API data.

0· 117·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Dynatrace API integration) matches the instructions. The SKILL.md consistently directs the agent to use the Membrane CLI to create connections, run actions, and proxy requests to Dynatrace, which is a reasonable implementation for this purpose.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, logging in via browser, creating/using connector connections, listing/running actions, and proxying Dynatrace requests. The instructions do not ask the agent to read unrelated files, export arbitrary environment variables, or exfiltrate data to unexpected endpoints; proxying arbitrary Dynatrace API paths is within the stated purpose.
Install Mechanism
This is an instruction-only skill (no install spec in registry), but the README tells users to run `npm install -g @membranehq/cli`. Installing a global npm CLI is a standard but moderate-risk action (executes third-party code on the host). The guidance should remind users to verify the npm package/source and to run installs in appropriate environments.
Credentials
The skill declares no required environment variables or credentials; it relies on Membrane's CLI/browser-based login to manage auth. That is proportionate for a connector-based Dynatrace integration. Users should still expect the connector to obtain Dynatrace access tokens via the Membrane account.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) and is not combined with other concerning flags.
Scan Findings in Context
[NO_FINDINGS] expected: The scanner found no code to analyze because this is an instruction-only skill (SKILL.md). Manual review of the instructions is therefore the primary source of security signal.
Assessment
This skill appears coherent: it instructs using the Membrane CLI to connect to Dynatrace and run proxied API calls. Before installing/using it: 1) Verify the @membranehq/cli package and its provenance (review the npm package page and the repository) before running a global npm install; 2) Use a least-privilege Dynatrace account or API token for connector authorization; 3) Be cautious when using the proxy command — it can send arbitrary requests to your Dynatrace tenancy and may expose sensitive telemetry or config if misused; 4) Prefer installing/testing in an isolated environment (or container) if you are unsure; 5) Review the Membrane connector permissions and audit logs after connecting. If you need a higher-assurance review, provide the Membrane CLI package version and the connector’s requested scopes/permissions so those can be checked.

Like a lobster shell, security has layers — review code before you run it.

latestvk9722sz1htwknrm4a191n2fah98430kf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments