ClawHub

Infinite Brassring

v1.0.2

Infinite BrassRing integration. Manage data, records, and automate workflows. Use when the user wants to interact with Infinite BrassRing data.

0· 41·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (BrassRing integration) match the instructions (use Membrane CLI to connect, list actions, run actions, and proxy requests). One minor inconsistency: the registry metadata declares no required binaries, but the SKILL.md expects npm and the membrane CLI to be installed.
Instruction Scope
All runtime instructions are scoped to discovering and running Membrane-provided actions or proxying API requests through Membrane. The skill does not instruct the agent to read unrelated files or env vars. Note: proxied requests and any data you send will transit Membrane's servers, so Membrane will see request payloads and response data.
Install Mechanism
There is no automated install spec in the registry (instruction-only), but SKILL.md tells users to run a global npm install (npm install -g @membranehq/cli). This is a manual install step — not executed by the platform — and requires trusting the npm package and that it comes from the official scope (@membranehq).
Credentials
The skill requests no environment variables or local credentials. It explicitly tells users not to provide API keys and relies on Membrane to manage auth server-side, which is proportionate for this integration.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and is user-invocable. There is no indication of elevated persistence or cross-skill configuration changes.
Scan Findings in Context
[no_code_to_scan] expected: The scanner found no code files because the skill is instruction-only (SKILL.md). This is expected; absence of findings is not evidence of safety — behavior is defined by the instructions.
Assessment
This skill delegates all communication and auth to Membrane. Before installing or using it: 1) Verify you trust Membrane (review https://getmembrane.com and the @membranehq/cli npm package and GitHub repo) because proxied requests and any candidate/job data will be handled by their service; 2) Be cautious about sending sensitive PII through a third-party proxy; 3) The SKILL.md tells you to install a global npm package — avoid installing global packages on sensitive systems without review; 4) Confirm the CLI package name and repository integrity (check package ownership, recent release history, and source code) and prefer installing in a controlled environment; 5) If you need stricter guarantees, ask for a versioned release/source audit or use a vetted enterprise connector rather than this community instruction-only skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqnyvvwmkexhzk4grwq10zx843bf1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments