ClawHub

Ekata

v1.0.2

Ekata integration. Manage data, records, and automate workflows. Use when the user wants to interact with Ekata data.

0· 98·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state an Ekata integration and every required action in SKILL.md is about using the Membrane CLI to connect to Ekata, run actions, or proxy API requests. There are no unrelated credentials, binaries, or configuration paths requested.
Instruction Scope
Runtime instructions only tell the agent/user to install and use the Membrane CLI (login, create connection, list/run actions, proxy requests). The SKILL.md does not instruct reading arbitrary files, other env vars, or exfiltrating data to unexpected endpoints. It explicitly recommends letting Membrane handle credentials rather than collecting API keys locally.
Install Mechanism
There is no packaged install spec in the skill; the doc instructs users to install @membranehq/cli globally via npm (a normal approach). Installing a global npm CLI is a moderate-risk operation compared with instruction-only skills, but it is proportionate here since the CLI is the documented integration mechanism. Verify the official Membrane package on npm before installing.
Credentials
The skill requests no environment variables or credentials and delegates auth to Membrane (which requires a Membrane account). This is proportionate to a proxy/integration skill; the central trust is with Membrane rather than the local agent.
Persistence & Privilege
always is false and there is no indication the skill modifies other skills or system-wide settings. It does rely on the Membrane service for auth/session lifecycle, which is expected behavior for this integration.
Assessment
This looks coherent, but before installing: 1) verify the official @membranehq/cli package on the npm registry and the Membrane project's homepage/repository to ensure authenticity; 2) consider using npx (npx @membranehq/cli action list ...) instead of a global npm -g install to reduce host-wide changes; 3) understand that Membrane will proxy requests and hold credentials — don't send highly sensitive PII unless you trust Membrane's privacy/security practices; 4) when you run membrane login, review the browser consent prompts and the connection IDs you create to ensure you link the intended Ekata account; and 5) if you need to audit behavior, check network activity and the Membrane account's logs. Proceed if you trust Membrane as the central integration layer.

Like a lobster shell, security has layers — review code before you run it.

latestvk9786gqjp540jpemhxa93dqwq9842fxh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments