ClawHub

Kong

v1.0.2

Kong integration. Manage data, records, and automate workflows. Use when the user wants to interact with Kong data.

0· 90·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares it integrates with Kong and all runtime instructions use the Membrane CLI to discover connectors, create connections, run actions, and proxy requests to Kong. Requiring a Membrane account and network access is coherent with that purpose.
Instruction Scope
Instructions tell the agent to install and use the Membrane CLI, perform browser-based authentication, list/connect action IDs, run actions, and proxy arbitrary Kong API requests via Membrane. These steps stay within the stated purpose, but proxying requests means request payloads and credentials are sent to Membrane's service (expected but important to note).
Install Mechanism
No install spec is embedded in the skill bundle; the doc recommends installing @membranehq/cli from npm (npm install -g). Using an official-scoped npm package is expected, but global npm installs run third-party code and carry the usual supply-chain risks—using npx or reviewing the package is advisable.
Credentials
The skill declares no required environment variables or local config paths. That matches the instructions which rely on Membrane-managed credentials rather than local secrets. The only external dependency is the user's Membrane account.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request system-wide config changes or access to other skills' credentials. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
Assessment
This skill is coherent: it uses the Membrane CLI to talk to Kong and does not ask for unrelated secrets. Before installing, decide whether you trust the Membrane service to handle your Kong credentials and proxied request data (Membrane will see requests and manage auth). Prefer running with npx or reviewing the @membranehq/cli package on npm/GitHub rather than a global install if you want lower risk. If you need strict control over credentials or data residency, consider configuring a dedicated Membrane tenant or using a self-hosted alternative or direct Kong integration instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk972rs5v78y73gyas230efvx4s842vy3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments