ClawHub

Slash Graphql

v1.0.2

Slash GraphQL integration. Manage data, records, and automate workflows. Use when the user wants to interact with Slash GraphQL data.

0· 98·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Slash GraphQL integration) matches the runtime instructions: discover connections, run actions, and proxy GraphQL requests via the Membrane CLI. The homepage and repository URLs in SKILL.md point at Membrane, which is consistent with the stated integration.
Instruction Scope
SKILL.md confines the agent to installing/using the Membrane CLI, performing login via browser, listing/connecting to connectors, running actions, and proxying requests. It does not instruct reading unrelated files, accessing unrelated environment variables, or exfiltrating data outside the Membrane proxy path. Headless login and use of `membrane request` are explicitly described and within scope.
Install Mechanism
There is no manifest install spec (instruction-only), lowering risk. However, the doc recommends `npm install -g @membranehq/cli` (a global npm install) and also shows npx usage. Installing a CLI from npm is a normal choice but carries typical supply-chain risk; prefer `npx` or verify the npm package and its publisher before doing a global install.
Credentials
The skill declares no required env vars, no config paths, and the instructions explicitly advise not to ask users for API keys (Membrane handles auth). Network access and a Membrane account are necessary and proportionate to the skill's purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. As an instruction-only skill, it does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: use the Membrane CLI to interact with Slash GraphQL. Before installing or running anything: 1) verify the npm package @membranehq/cli (publisher, download count, README) on the npm registry; 2) prefer `npx @membranehq/cli@latest ...` over `npm install -g` if you want to avoid a global install; 3) expect a browser-based OAuth flow—do not paste secrets into chat; 4) if running in an automated/headless environment, review the headless login flow output to ensure it doesn't ask you to transmit sensitive tokens in cleartext; 5) if you need higher assurance, review the CLI source at the repository URL before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0qjzprmm3fh92ethgag8z5842a31

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments