ClawHub

Rancher Labs

v1.0.2

Rancher Labs integration. Manage data, records, and automate workflows. Use when the user wants to interact with Rancher Labs data.

0· 82·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Rancher integration) aligns with the instructions: all runtime actions target Rancher via the Membrane CLI. Nothing in the SKILL.md asks for unrelated cloud creds or system access.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI (login, connect, action list/run, proxy). However, the skill relies on Membrane's proxy/auth service to mediate requests — that means Rancher API calls and credentials are handled via Membrane's infrastructure, so you must trust that third party.
Install Mechanism
This is an instruction-only skill (no install spec), but SKILL.md instructs installing @membranehq/cli via npm -g. Installing a global npm package is reasonable for a CLI but carries moderate risk if you don't trust the package or publisher; the registry package should be verified before installation.
Credentials
The skill declares no required env vars or credentials. It requires a Membrane account and network access, which are proportional to the stated purpose. The docs explicitly advise not to store local API keys and to use Membrane connections.
Persistence & Privilege
The skill does not request 'always' presence or system config changes. It is user-invocable and allows autonomous invocation (platform default) but does not ask for elevated or persistent privileges itself.
Assessment
This skill looks coherent for integrating Rancher via Membrane, but consider these before installing: - You must trust the Membrane service (getmembrane.com) because it will proxy Rancher API requests and manage credentials server-side — review Membrane's privacy/security and TOS. - Verify the npm package (@membranehq/cli) and its publisher (e.g., check the package page, GitHub repo, and recent releases) before running npm install -g. - The skill does not request local API keys (good) — follow the provided browser-based connection flow instead of pasting secrets. - If you operate sensitive clusters, consider testing in a limited/sandbox environment first and confirm what data Membrane will receive during proxy calls.

Like a lobster shell, security has layers — review code before you run it.

latestvk972wmbq2etydyrw3xd8vde32n843hxk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments