ClawHub

Knit

v1.0.0

Knit integration. Manage data, records, and automate workflows. Use when the user wants to interact with Knit data.

0· 57·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say "Knit integration" and the SKILL.md consistently instructs the agent to use the Membrane CLI to connect to Knit, discover actions, run actions, or proxy API calls — this aligns with the stated purpose.
Instruction Scope
Runtime instructions only cover installing/using the Membrane CLI, logging in, creating connections, listing/running actions, and proxying requests via Membrane. The instructions do not tell the agent to read unrelated files or exfiltrate extra secrets. Note: the provided proxy capability allows arbitrary requests to Knit APIs via Membrane, which is expected but powerful and relies on Membrane's access controls.
Install Mechanism
No install spec in the package; SKILL.md recommends installing @membranehq/cli via npm -g (or shows npx usage elsewhere). Installing a global npm package is a moderate-risk operation because it executes third-party code on the host; this is proportionate but worth auditing or using npx/pinned versions instead.
Credentials
The skill declares no required env vars or secrets and tells users to rely on Membrane-managed connections rather than asking for API keys. Requiring a Membrane account and network access is reasonable for this integration.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with elevated privileges here.
Assessment
This is an instruction-only integration that delegates auth and API access to the Membrane service. Before installing or running commands: (1) verify you trust the @membranehq/cli npm package (review the package source or prefer npx/@membranehq/cli@<pinned-version> instead of a global install), (2) review Membrane's privacy/permission model because Membrane will proxy requests and hold tokens for Knit, and (3) when creating a connection, grant the minimum permissions needed and avoid copying login codes into untrusted channels or logs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97236r6dqa8qe3wndv6xhkh65844cxp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments