ClawHub

Entrust Datacard

v1.0.2

Entrust Datacard integration. Manage data, records, and automate workflows. Use when the user wants to interact with Entrust Datacard data.

0· 48·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description match the instructions: it integrates with Entrust Datacard by using Membrane as a connector/proxy. Requiring the Membrane CLI and browser-based login is consistent with that purpose.
Instruction Scope
SKILL.md only instructs use of the Membrane CLI, browser-based login, listing/connecting actions, and proxying requests to Entrust endpoints. It does not request unrelated file reads, additional environment variables, or exfiltration steps.
Install Mechanism
There is no packaged install spec in the registry; the instructions tell the user to run `npm install -g @membranehq/cli`. Installing a global npm package is common but carries standard supply-chain risk (npm package execution). The package is scoped to @membranehq (reasonable), but you should verify the package and its publisher before global installation.
Credentials
The skill declares no required env vars, no credentials, and SKILL.md explicitly recommends letting Membrane handle auth rather than asking for API keys. Requested access is proportional to the stated functionality.
Persistence & Privilege
The skill is instruction-only, not always-enabled, and doesn't request system-wide config changes or persistent elevated privileges. Autonomous invocation is allowed (platform default) but not unusually broad here.
Assessment
This skill is coherent but depends on the Membrane service and its CLI. Before installing or using it: 1) verify the @membranehq CLI package on npm and the referenced GitHub repo are legitimate and match your organization’s supply-chain policies; 2) understand that Membrane will proxy and handle authentication for Entrust Datacard calls — data and tokens will transit/likely be stored on Membrane servers, so confirm privacy/compliance requirements for sensitive Entrust data; 3) prefer using npx or a containerized install if you want to avoid a global npm install; 4) do not provide Entrust credentials directly to the agent — follow the login/connection flow the SKILL.md describes; and 5) if you need stronger assurance, review the Membrane CLI source code and privacy/security docs or test in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk975dfhaxmskatyayxbd0gghq9842ttv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments