ClawHub

Orama

v1.0.2

Orama integration. Manage data, records, and automate workflows. Use when the user wants to interact with Orama data.

0· 88·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Orama integration) matches the instructions: installing and using the Membrane CLI to connect to Orama and run/search actions. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, logging in via browser, creating connections, listing/running actions, and proxying requests. One notable point: the skill recommends using Membrane's proxy to send arbitrary HTTP requests — that will transmit request data through Membrane's service, which is expected for this workflow but is a privacy/third-party-transmission consideration.
Install Mechanism
No formal install spec is embedded; the SKILL.md instructs installing @membranehq/cli via npm -g (or using npx). This is a common, expected approach but does modify the environment (global npm install). The instruction-only nature means nothing is written by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The only external requirement is a Membrane account and network access, which matches the described usage where Membrane handles auth server-side.
Persistence & Privilege
always is false and the skill has no install scripts or capability to persist or modify other skills. It relies on the externally installed CLI for any state, which is scoped to the user's environment and Membrane account.
Assessment
This skill is coherent: it simply documents using the Membrane CLI to talk to Orama. Before installing/using it: (1) verify you trust Membrane (requests/proxy traffic and auth happen via their service); avoid sending secrets or highly sensitive PII through the proxy unless you accept that third-party handling. (2) Prefer npx for one-off usage if you don't want a global npm install. (3) Confirm the official package/repository and package publisher (npm/@membranehq) before installing to reduce supply-chain risk. If you see any unexpected environment-variable or credential requests, or commands that read unrelated local files, treat that as suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk973jm0ysk48jetyrppb66k5598438x4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments