Jupiterone
v1.0.0
JupiterOne integration. Manage data, records, and automate workflows. Use when the user wants to interact with JupiterOne data.
by Vlad Ursul @gora050
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign, high confidence
Purpose & Capability
The skill is explicitly an integration for JupiterOne and all instructions use the Membrane CLI to discover connections, run actions, and proxy requests to the JupiterOne API. There are no unrelated credential requests, binaries, or config paths.
Instruction Scope
SKILL.md stays on-topic: it describes installing and using the Membrane CLI, creating a connector, listing actions, running actions, and proxying requests to JupiterOne. It does not instruct the agent to read arbitrary files, harvest unrelated credentials, or transmit data to endpoints outside of Membrane/JupiterOne.
Install Mechanism
This is an instruction-only skill (no install spec in registry), but SKILL.md tells users to install @membranehq/cli via npm (-g) and suggests npx @membranehq/cli@latest for some commands. Installing a global npm package or invoking latest from the registry carries the typical trust/supply-chain risks of any npm package; otherwise the install instructions are appropriate for the stated functionality.
Credentials
The skill declares no required environment variables or config paths and explicitly advises using Membrane to manage credentials rather than requesting API keys. It does note a Membrane account and network access are required, which is proportional to the described integration.
Persistence & Privilege
The skill is instruction-only, does not request permanent presence (always: false), and does not modify other skills or system-wide agent settings. Default autonomous invocation is allowed but is not combined with other red flags.
Assessment
This skill is coherent: it uses the Membrane CLI to interact with JupiterOne rather than asking for raw API keys. Before installing or running commands, verify you trust the @membranehq package (check the npm package page and GitHub repo), prefer using npx or pinning a specific version instead of installing globally (-g) at @latest, and consider running the CLI in a constrained environment (container or limited account) if you have supply-chain concerns. Also confirm your Membrane account permissions and privacy policy because Membrane will broker authenticated requests to your JupiterOne data.
Like a lobster shell, security has layers — review code before you run it.
