ClawHub

Paperspace

v1.0.0

Paperspace integration. Manage data, records, and automate workflows. Use when the user wants to interact with Paperspace data.

0· 35·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Paperspace integration) matches the instructions: all runtime steps are about installing and using the Membrane CLI to connect to Paperspace and run actions. There are no unrelated credential requests, unexplained binaries, or extraneous capabilities.
Instruction Scope
Instructions tell the agent to install and run the Membrane CLI, create connections, list actions, run actions, and proxy raw API requests through Membrane. This stays within the Paperspace-integration purpose. Important note: proxying means requests and their payloads are sent through Membrane's service (their servers) — that is expected but is a privacy/ trust decision for the user.
Install Mechanism
The install instructions recommend npm install -g @membranehq/cli. Installing a global npm package is a standard way to get a CLI but has moderate operational risk (global install scripts, needs write permissions). The source is the npm registry rather than an arbitrary URL, which is reasonable for a CLI dependency.
Credentials
The skill does not request environment variables, config paths, or credentials. The SKILL.md explicitly instructs not to ask users for API keys and to let Membrane handle auth, so required permissions are proportionate to the stated purpose.
Persistence & Privilege
Flags show the skill is not always-on and is user-invocable. There is no request to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill is coherent: it instructs use of the Membrane CLI to integrate with Paperspace and does not ask for unrelated credentials. Before installing, consider: 1) installing a global npm package requires write permissions and executes package install scripts—review @membranehq/cli on npm/GitHub first; 2) Membrane proxies API calls and handles credentials server-side, so API requests and payloads will flow through Membrane's service (review their privacy/security docs and trustworthiness); 3) if you need stricter isolation, run the CLI in a controlled environment or inspect the CLI source; and 4) if the skill later requests local files, environment variables, or other credentials, treat that as a red flag. If you want a deeper assessment, provide the Membrane CLI package contents or the skill author/source for review.

Like a lobster shell, security has layers — review code before you run it.

latestvk978am247a5pm6hv03qft3ymk1844zca

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments