ClawHub

Knock

v1.0.2

Knock integration. Manage data, records, and automate workflows. Use when the user wants to interact with Knock data.

0· 121·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Knock integration) matches the instructions: all actions are performed via the Membrane CLI and proxy to Knock. Nothing in the SKILL.md requests unrelated credentials, binaries, or system access.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, logging in, listing/creating connections, running actions, and proxying requests to Knock. The doc does not instruct the agent to read local files, environment variables, or send data to unexpected endpoints.
Install Mechanism
There is no registry install spec, but the SKILL.md instructs users to install the @membranehq/cli via npm (global install) or use npx. This is a common approach for CLI tooling; it is a moderate-risk operation because it installs third-party code on the system. Verify the package and publisher before global install or prefer npx to avoid persistent installation.
Credentials
The skill declares no environment variables, credentials, or config paths and the instructions explicitly advise against asking users for API keys. The requirement for a Membrane account (and network access) is proportionate to the described functionality.
Persistence & Privilege
always is false and the skill has no install-time hooks or config modifications. It does not request persistent privileges or cross-skill configuration changes.
Assessment
This skill delegates Knock access to the Membrane service/CLI. Before installing: (1) confirm you trust Membrane (they will proxy and hold Knock credentials for connections), (2) prefer using npx or reviewing the @membranehq/cli package on npm/GitHub rather than doing a global npm install, (3) avoid entering any unrelated secrets, and (4) limit the Membrane account/connection permissions to only the Knock scope needed for your workflows.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dnjfg1php93f0g3f6x4mkq9842e2z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments