ClawHub

Holobuilder

v1.0.2

HoloBuilder integration. Manage data, records, and automate workflows. Use when the user wants to interact with HoloBuilder data.

0· 89·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares it integrates with HoloBuilder and all runtime instructions show how to use the Membrane CLI to discover connectors, create connections, run actions, and proxy API requests — these requirements match the stated purpose.
Instruction Scope
SKILL.md contains concrete CLI steps (install membrane CLI, login, list/connect/run actions, proxy requests). It does not instruct reading unrelated files or environment variables, nor does it direct data to unexpected endpoints beyond using Membrane as a proxy.
Install Mechanism
The skill is instruction-only (no install spec), but recommends npm installing @membranehq/cli (and uses npx in examples). This is a common pattern but users should verify the CLI package identity and be aware that global npm installs and npx can modify the system or pull code at runtime.
Credentials
The skill declares no required env vars or credentials and relies on hosted Membrane authentication (browser flow). It does not request unrelated secrets or local config access.
Persistence & Privilege
always is false, no install spec or code writes are included, and the skill does not request persistent or elevated agent-wide privileges.
Assessment
This is an instruction-only integration that uses the Membrane CLI to access HoloBuilder. Before installing or running the CLI: verify the @membranehq/cli package source (review the package on npm and the linked repository), confirm your organization’s policy for installing global npm packages or running npx, and review Membrane’s privacy/permissions since proxied requests and tokens will be handled server-side by Membrane. If you need stricter control, consider pinning a CLI version rather than using npx@latest and inspect the package code/repo before granting access to production accounts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97drmf4zr24y29vmampj1r5wx843hpk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments