ClawHub

Groundlight

v1.0.2

Groundlight integration. Manage data, records, and automate workflows. Use when the user wants to interact with Groundlight data.

0· 101·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Groundlight integration) match the instructions: the SKILL.md documents using Membrane to connect to Groundlight, discover actions, run actions, and proxy API calls. Required capabilities (network access, Membrane account) are expected for this purpose.
Instruction Scope
Instructions are focused on installing and using the Membrane CLI to authenticate, list connections/actions, run actions, and proxy requests. One important note: requests are routed through Membrane's servers (the SKILL.md states this). That means user data and API payloads will be proxied through a third-party service.
Install Mechanism
This is an instruction-only skill (no install spec in the registry), but it tells the user to run `npm install -g @membranehq/cli`. Installing a global npm package is a normal but non-trivial action — verify the package name, publisher, and integrity on the npm registry before installing.
Credentials
The skill does not request environment variables, credentials, or config paths. The SKILL.md explicitly instructs not to collect API keys and to rely on Membrane-managed connections, which is proportionate to the stated functionality.
Persistence & Privilege
No persistent installation or elevated privileges are requested by the registry metadata (always:false, user-invocable). The skill is instruction-only and does not modify other skills or system-wide configuration.
Assessment
This skill delegates Groundlight access to the Membrane service and tells you to install the Membrane CLI (npm package). Before installing or using it: 1) Verify the @membranehq/cli package and publisher on the npm registry and inspect the repository (https://github.com/membranedev) for legitimacy; 2) Be aware that API calls and data will be proxied through Membrane's servers — do not send sensitive data unless you trust that service and its privacy/security posture; 3) The skill does not request local secrets or environment variables, which is good; 4) If you need guarantees about data residency or audit logs, confirm those with Membrane/Groundlight first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97chqpj3cya28dwew03akt9qx843je3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments