ClawHub

Knorish

v1.0.2

Knorish integration. Manage Users, Organizations, Courses, Funnels, Blogs, Affiliates and more. Use when the user wants to interact with Knorish data.

0· 89·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description (Knorish integration) aligns with the instructions: it tells the agent to use the Membrane CLI to list connections, run actions, and proxy requests to Knorish. There are no unrelated credentials, binaries, or capabilities requested.
Instruction Scope
SKILL.md limits runtime behavior to installing/using the Membrane CLI, logging in, creating/using a Knorish connection, listing actions, running actions, and proxying requests. It does not instruct the agent to read unrelated files, exfiltrate environment variables, or modify system-wide configuration.
Install Mechanism
The skill is instruction-only (no install spec). It recommends installing @membranehq/cli via npm (npm install -g @membranehq/cli). Requiring a global npm package is expected for a CLI-driven integration but carries the usual npm risks (trust the package and publisher). The skill itself does not auto-install anything.
Credentials
The skill declares no required env vars, credentials, or config paths. Authentication is handled by Membrane CLI at runtime (interactive browser flow or headless code exchange), which is proportionate to the described integration.
Persistence & Privilege
Skill flags are default (always: false, user-invocable: true). There is no instruction to modify other skills or system-wide settings. Autonomous invocation is allowed by platform default but not elevated here.
Assessment
This skill is coherent and appears to do what it says: it uses the Membrane CLI to interact with Knorish. Before installing or using it, verify and accept the following: (1) trust the @membranehq/cli npm package and its publisher—review the package page, recent releases, and the GitHub repo; (2) understand that Membrane will hold and use credentials for Knorish on your behalf and can proxy arbitrary API requests for the connected account—verify connection scopes and limit them if possible; (3) installing a global npm package affects your environment—avoid installing on sensitive or production hosts without review; (4) because the CLI performs network requests and stores auth, use it only in environments you control. If you want stronger assurance, ask the skill author for the exact Membrane connector IDs, a link to the Membrane CLI repo, and the expected connection scopes before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d6zs6z89hvt20k591fngrbs8434fn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments