ClawHub

Mend

v1.0.2

Mend integration. Manage data, records, and automate workflows. Use when the user wants to interact with Mend data.

0· 95·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Mend integration) matches the runtime instructions: it installs/uses the Membrane CLI to connect to Mend, list actions, run actions, and proxy API requests. There are no unrelated credentials, binaries, or paths requested.
Instruction Scope
SKILL.md only instructs installing/using the Membrane CLI, performing login/connection flows, listing/running actions, and proxying requests to the Mend API. It doesn't ask the agent to read unrelated files, environment variables, or exfiltrate data beyond interacting with Mend via Membrane.
Install Mechanism
This is an instruction-only skill (no install spec in registry) but it tells the user to run `npm install -g @membranehq/cli`. Installing a global npm package is expected for a CLI, but npm packages execute code on install/run and carry moderate risk — verify the package/source or prefer `npx`/ephemeral installs if you want to reduce footprint.
Credentials
The skill declares no required environment variables or credentials and recommends using Membrane-managed connections (server-side auth). This is proportionate for a connector that uses an external CLI to manage authentication.
Persistence & Privilege
No elevated privileges or 'always' persistence requested. The normal CLI login will store tokens locally as part of auth flows — expected for a CLI-based connector and within the skill's scope.
Assessment
This skill appears coherent and uses the Membrane CLI as intended to interact with Mend. Before installing: (1) verify you trust the @membranehq/cli package (check the npm package page and upstream GitHub), (2) consider using `npx` or an ephemeral install instead of a global `npm install -g` to avoid persistent code on your system, (3) remember the CLI will open a browser and store authentication tokens locally (review where the CLI stores credentials if that concerns you), and (4) limit which Mend account/tenant you connect to and use least-privilege connections. If you need stronger assurance, inspect the Membrane CLI source and the repository referenced in SKILL.md before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk975t98410yqwwh8bdfp90wg2d84383h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments