ClawHub

Quipu

v1.0.2

Quipu integration. Manage data, records, and automate workflows. Use when the user wants to interact with Quipu data.

0· 78·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with Quipu and all instructions focus on using the Membrane CLI and Membrane-hosted connections to access Quipu. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
Runtime instructions stay within the stated purpose: install/use the Membrane CLI, authenticate, create/list connections, run actions, or proxy requests to Quipu. There are no instructions to read arbitrary local files or export unrelated environment variables.
Install Mechanism
This is an instruction-only skill (no install spec), but it directs the user to install @membranehq/cli via npm -g or to use npx in examples. Installing a global npm package changes the host environment and pulls code from the public npm registry — reasonable for a CLI but should be done only after verifying the package and source.
Credentials
No environment variables or credentials are required by the skill itself; SKILL.md correctly defers auth to Membrane's login flow and explicitly advises against asking users for API keys. The requested permissions (browser login, Membrane account) are proportional to the task.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and relies on the Membrane service for credential handling. Autonomous invocation is permitted by default but not combined with other concerning privileges.
Assessment
This skill is coherent: it expects you to use the Membrane CLI and a Membrane account to connect to Quipu. Before installing or running: (1) Verify the @membranehq/cli package and the referenced GitHub repo to ensure you trust the publisher, (2) prefer on-demand invocation (npx) if you want to avoid a global npm install, (3) be aware that Membrane's servers will mediate requests and hold connection tokens — review their privacy/security documentation and the scopes you grant during login, and (4) do not supply API keys or secrets outside the documented Membrane login flow. If you need higher assurance, inspect the CLI source code or run it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bmcprdg52nsyk883hmb458s843w8k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments