ClawHub

Silverfin

v1.0.2

Silverfin integration. Manage data, records, and automate workflows. Use when the user wants to interact with Silverfin data.

0· 78·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say 'Silverfin integration' and the SKILL.md exclusively instructs the agent to use the Membrane CLI/proxy to operate on Silverfin resources. Required network access and a Membrane account are proportional and expected.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, creating/listing connections, running actions, and proxying requests to Silverfin. The doc explicitly warns not to ask users for API keys. It does not instruct reading unrelated files or harvesting other credentials.
Install Mechanism
This is an instruction-only skill (no install spec). It tells users to install the Membrane CLI via npm (npm install -g @membranehq/cli). That is a public npm package (traceable) but installing global npm packages requires privileged actions by the user — recommend verifying the package and vendor before installing.
Credentials
No environment variables, config paths, or secrets are requested by the skill. Authentication is delegated to Membrane (browser-based OAuth flow), which fits the described integration model.
Persistence & Privilege
Skill is not marked always:true and does not request persistent system-wide changes. It does not request elevation or modify other skills' config.
Assessment
This skill is internally consistent: it delegates auth to Membrane and instructs the agent to use the Membrane CLI to call Silverfin. Before installing/using it, verify you trust the Membrane service and the @membranehq/cli package (check npm and the vendor website), since the instructions ask you to install a global npm package and require network access and a Membrane account. Also be aware the skill can be invoked by the agent (default behavior), so only enable it for agents you trust. If you need stronger assurances, ask for the CLI package's source/release page and inspect its code or releases before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978whsa1f70pfwdtps87ack6s843916

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments