ClawHub

Nowsecure

v1.0.2

NowSecure integration. Manage data, records, and automate workflows. Use when the user wants to interact with NowSecure data.

0· 90·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to integrate NowSecure and its instructions use the Membrane CLI to create/search/connect to a NowSecure connector. Required items (network access, a Membrane account, and the Membrane CLI) align with the stated purpose and nothing extraneous (e.g., unrelated cloud credentials or system paths) is requested.
Instruction Scope
Instructions mainly describe installing the Membrane CLI, logging in, and using membrane commands to interact with NowSecure resources. This stays within the integration scope. Note: the Membrane CLI is a general integration platform — once authenticated it can manage many connectors and resources, so commands run by an agent could operate broadly depending on the authenticated account's permissions. The SKILL.md does not appear to instruct reading unrelated local files or environment variables.
Install Mechanism
Install instructions are a global npm install of @membranehq/cli (npm registry). This is a common and expected install method for a CLI but is higher risk than an instruction-only skill with no installs because it writes a global binary. The install target (npm) is a standard registry (not an unknown URL or archive).
Credentials
No environment variables or additional credentials are declared in the skill. The one required credential is the user's Membrane account (interactive login), which is proportional to a CLI-driven integration. Be aware that the Membrane account's permissions determine what the skill can do; the skill does not itself request unrelated secrets.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. Model invocation is allowed (normal default). The skill does instruct the user to log in to Membrane, which will create local tokens via the CLI — this is expected and within scope for a CLI-based integration.
Assessment
This skill is coherent: it asks you to install the official Membrane CLI and sign in to your Membrane account so it can operate on a NowSecure connector. Before installing, verify the @membranehq/cli package on npm and the Membrane project/site (getmembrane.com) to ensure authenticity. Consider the permissions of the Membrane account you use — an account with wide privileges could allow the CLI (and any automated commands) to view or modify many resources, not only NowSecure data. If you want to limit risk, use an account with least privilege or test in a sandbox environment. Additionally, installing a global npm package modifies your system PATH — review package source and maintain updates as needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97epkrvdzrkcd72s6bvewq14x8422yf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments