ClawHub

Grist

v1.0.2

Grist integration. Manage Workspaces, Users, Roles. Use when the user wants to interact with Grist data.

0· 77·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes a Grist integration implemented via the Membrane CLI. It does not request unrelated credentials, binaries, or config paths. Requiring a Membrane account and network access matches the stated purpose.
Instruction Scope
Instructions tell the user/agent to install and run the Membrane CLI, authenticate, create a connection, run pre-built actions, and proxy arbitrary Grist API requests through Membrane. This is within scope for an integration but grants the ability to run any API action (including destructive ones like delete-document/delete-workspace) on the connected Grist account—expected for an integration but worth being aware of.
Install Mechanism
There is no registry install spec, but SKILL.md instructs running `npm install -g @membranehq/cli`. Installing a global npm package is a moderate-risk operation (it runs code from the npm registry). The package source (Membrane/@membranehq) appears consistent with the proxy described, but users should verify the CLI package before installing on sensitive hosts.
Credentials
The skill requests no environment variables or local credentials and instructs using Membrane to manage auth server-side. This is proportionate: using Membrane avoids local API keys and matches the documentation in SKILL.md.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. It allows normal autonomous invocation (the platform default); combined with the ability to call destructive actions through Membrane, that is expected for an integration but worth noting when granting agent autonomy.
Assessment
This skill delegates Grist access to the Membrane CLI. Before installing or using it: (1) verify and trust the @membranehq/cli npm package and its homepage/maintainer; (2) be aware that once you connect a Grist account, the agent (or any user following these instructions) can run arbitrary API actions including destructive ones (delete documents/workspaces) via Membrane; use a least-privilege or test account where possible; (3) on headless or shared machines, avoid installing global npm packages unless you understand the package and its implications; (4) if you want to limit risk, require manual confirmation before running destructive actions or disable autonomous invocation for this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk977nnewnpserbdwt2n1dp4wbn842e8j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments