ClawHub

Range

v1.0.2

Range integration. Manage Workspaces. Use when the user wants to interact with Range data.

0· 100·1 current·1 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say 'Range integration' and all instructions center on using the Membrane CLI to connect to Range and run actions or proxy requests — requested capabilities align with the stated purpose.
Instruction Scope
SKILL.md restricts runtime actions to installing and running the Membrane CLI and using it to manage connections and actions; it does not instruct reading unrelated files, environment variables, or exfiltrating data to unknown endpoints. It does require network access and a Membrane account, which is appropriate.
Install Mechanism
The skill is instruction-only and asks users to install @membranehq/cli via 'npm install -g'. This is a standard public npm package install (moderate trust surface). Because there is no install spec in the package itself, the user runs the install manually — verify the package/author before installing globally.
Credentials
No environment variables, secrets, or config paths are requested. Authentication is delegated to Membrane's browser-based OAuth flow, which is consistent with the declared behavior.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always=false) and does not modify other skills or system-wide configs in its instructions.
Assessment
This skill appears coherent and limited in scope, but before installing: (1) verify you trust getmembrane.com and the @membranehq/cli npm package and its publisher; (2) prefer installing the CLI in a controlled environment (local dev container or virtual environment) rather than system-wide if you have concerns about global npm installs; (3) remember Membrane will proxy requests to Range — data you send will transit / may be stored by Membrane, so review their privacy/security docs and the Range connection permissions; (4) avoid running these commands in untrusted CI or automation without reviewing outputs, since browser-based auth will produce connection IDs and tokens managed by Membrane.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7ch71z7byb6gfczmbp0xan843nh5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments