ClawHub

Passcreator

v1.0.2

Passcreator integration. Manage Users, Organizations. Use when the user wants to interact with Passcreator data.

0· 113·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes connecting to Passcreator and managing users/orgs via Membrane, and all required actions (creating a connection, listing actions, running actions, proxying requests) align with that purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, authenticating via Membrane, listing/connecting actions, and proxying API calls to Passcreator. The instructions do not ask the agent to read unrelated files, harvest local secrets, or transmit data to unknown endpoints beyond Membrane/Passcreator.
Install Mechanism
The skill recommends installing the @membranehq/cli via npm (-g) or using npx. Installing a global npm package is a normal distribution mechanism but grants that package the ability to run locally; verify the package's authenticity and source (official Membrane package and repo). No downloads from untrusted URLs or archive extraction are present.
Credentials
No environment variables, local config paths, or credentials are requested by the skill. The SKILL.md explicitly advises against asking users for API keys and relies on Membrane to manage auth, which is proportional to the described functionality.
Persistence & Privilege
The skill does not request always: true or other elevated persistence. It relies on an external CLI and the Membrane service; autonomous invocation is allowed by platform default but not requested to be forcibly always-on.
Assessment
This skill is internally consistent: it uses the Membrane CLI to manage Passcreator access and does not ask for local secrets. Before installing, verify you trust Membrane (getmembrane.com) because Membrane will proxy requests and handle credentials (Membrane will therefore see request/response data). Prefer using npx (npx @membranehq/cli@latest ...) if you do not want a global install, or inspect the @membranehq/cli package source on GitHub. Confirm your organization's policies about third-party credential management and avoid running untrusted membrane request/action commands that could expose sensitive items. If you want to limit autonomous agent actions, consider disabling model-invocation for the skill or review prompts/permissions before allowing it to run commands on your behalf.

Like a lobster shell, security has layers — review code before you run it.

latestvk973yn29ct3v5zc7dct2j9g1hx843xnf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments