ClawHub

Gleap

v1.0.2

Gleap integration. Manage data, records, and automate workflows. Use when the user wants to interact with Gleap data.

0· 53·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate Gleap and its SKILL.md exclusively uses the Membrane CLI and Membrane proxy to access Gleap APIs. The lack of required env vars or credentials is consistent with Membrane handling auth. Minor note: the registry metadata lists no required binaries but the runtime instructions ask the operator to install the Membrane CLI (npm), which is a reasonable runtime step for an instruction-only skill.
Instruction Scope
Instructions are scoped to discovering and running Membrane actions, creating/using connections, and optionally proxying requests to Gleap through Membrane. They do not ask the agent to read unrelated local files, environment variables, or system credentials. The workflow expects browser-based login or headless code-exchange for authentication.
Install Mechanism
There is no formal install spec (instruction-only), but SKILL.md tells users to run `npm install -g @membranehq/cli` or use `npx`. This is a common pattern but means code will be fetched from the public npm registry at runtime (moderate risk compared to pre-vetted binaries).
Credentials
The skill requests no environment variables or secrets. It explicitly advises not to ask users for API keys and to let Membrane manage credentials, which is proportionate for this integration.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills' configs. It relies on a per-user Membrane connection established via browser auth.
Assessment
This skill is coherent: it uses the Membrane CLI to access Gleap and does not ask for extra secrets. Before installing, confirm you trust Membrane/@membranehq on npm and the listed homepage/repository, since the instructions will fetch and run code from npm (or npx). Use the browser login flow to avoid sharing raw tokens, review any connector IDs or actions Membrane requests access to, and prefer using npx or inspecting the CLI package version if you want to avoid a global install.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jv554k8d01xtpfat7ejjg18423y8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments