ClawHub

Red Sift

v1.0.2

Red Sift integration. Manage data, records, and automate workflows. Use when the user wants to interact with Red Sift data.

0· 87·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with Red Sift and its SKILL.md exclusively instructs the agent to use the Membrane CLI and Membrane proxy to interact with Red Sift APIs — this matches the stated purpose and does not request unrelated capabilities.
Instruction Scope
All runtime instructions are limited to installing and running the Membrane CLI, creating connections, listing actions, running actions, and proxying requests via Membrane. The docs do not instruct reading arbitrary local files, scanning unrelated services, or exfiltrating data outside the Membrane/Red Sift flow.
Install Mechanism
No bundled install spec in the skill; the SKILL.md asks the user to install @membranehq/cli via npm -g. Using a global npm package is reasonable for a CLI integration but carries the usual supply-chain/trust considerations (package integrity, publisher identity); the install is not an arbitrary download/extract from an unknown host.
Credentials
The skill declares no required environment variables or credentials and advises using Membrane to manage auth. It does not request unrelated tokens or filesystem config paths.
Persistence & Privilege
The skill is instruction-only, not always-included, and does not request elevated or persistent system privileges. It does not modify other skills or system-wide configuration.
Assessment
This skill is coherent with its stated purpose, but before installing: verify the @membranehq/cli package and publisher on npm (or use npx to avoid a global install), confirm the repository/homepage links are legitimate, and understand that Membrane will proxy arbitrary API calls for a connection — grant only the connector permissions you trust. If you prefer lower footprint, consider running the CLI in an isolated environment (container or VM) rather than as a global npm package.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e33zrr1b063x8hf2xdzx96d843cj2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments