ClawHub

Pylon

v1.0.2

Pylon integration. Manage data, records, and automate workflows. Use when the user wants to interact with Pylon data.

0· 67·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim a Pylon integration and all runtime instructions are about using the Membrane CLI to connect to Pylon, discover actions, run them, or proxy API requests. Asking to install the Membrane CLI and to have a Membrane account is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs installing/running the Membrane CLI, performing browser-based login, creating connections, listing actions, running actions, and proxying requests. These steps stay within the integration's scope. Note: the instructions rely on Membrane as an intermediary (it will proxy requests and hold auth server-side), so data and credentials flow through Membrane by design.
Install Mechanism
The skill is instruction-only (no install spec in metadata) but tells users to run `npm install -g @membranehq/cli` or use `npx ...`. Installing from the public npm registry is expected for this CLI, but it is a moderate-risk operation compared to an instruction-only skill with zero install steps — review/verify the package and source if you have supply-chain concerns.
Credentials
No environment variables or credentials are requested by the skill. Authentication is handled via Membrane's browser login flow; this is proportionate for a connector that proxies to an external SaaS and is consistent with the guidance to avoid asking the user for API keys.
Persistence & Privilege
always:false (no forced presence). disable-model-invocation:false is the platform default, so the skill may be invoked autonomously by agents. This is expected, but users should be aware an autonomous agent could run Membrane CLI commands (including proxying requests that access Pylon data) if permitted.
Assessment
This skill appears to do exactly what it says: it uses the Membrane CLI to connect to and act on Pylon data. Before installing or using it, consider: 1) You will need to install the @membranehq/cli package (npm install or npx) — verify the package and its repository if you have supply-chain concerns. 2) Authentication is via browser-based Membrane login; Membrane will hold and refresh credentials and proxy API requests, so you must trust Membrane with access to your Pylon data. 3) If you plan to allow autonomous agent invocation, be aware the agent could run CLI commands that read or modify Pylon data — limit the agent's scope or run in an isolated environment if the data is sensitive. 4) If your environment forbids global npm installs, follow your org's policies or run the CLI in a controlled container. Overall the skill is internally consistent, but evaluate trust in the Membrane service and the npm package before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c9c5rceerzj66eq1zvr9dsx843n22

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments