ClawHub

Slite

v1.0.2

Slite integration. Manage Documents. Use when the user wants to interact with Slite data.

0· 65·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md consistently describes using the Membrane CLI to connect to Slite and run actions or proxied API requests. Required capabilities (network access, a Membrane account) match the stated purpose; no unrelated services or credentials are requested.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, logging in, creating/listing connections, running actions, and optionally proxying requests to the Slite API. There are no instructions to read unrelated files or exfiltrate system data. The skill expects running shell commands and opening a browser for auth, which is appropriate for a CLI-based integration.
Install Mechanism
This is an instruction-only skill (no automated install). It tells users to install a third‑party npm package globally (npm install -g @membranehq/cli) or use npx. Installing an external CLI via npm is a normal choice for this integration but carries the usual supply-chain risk (package ownership/changes). The README examples use npx@latest in places, which is less persistent but still pulls remote code.
Credentials
The skill declares no required environment variables or secrets and explicitly advises against asking users for API keys, instead relying on Membrane to manage auth. That is proportionate to the stated function.
Persistence & Privilege
The skill does not request always-on presence and is user-invocable. It does not attempt to modify other skills or system-wide configs. Autonomous invocation is allowed by default (platform normal) but not combined with other red flags here.
Assessment
This skill is internally consistent: it delegates Slite access to the Membrane CLI and doesn't ask for unrelated secrets. Before installing or following the instructions: 1) vet the @membranehq/cli npm package (author, download counts, changelog, pinned version or checksum) rather than blindly installing latest globally; prefer npx with a pinned version or inspect the package source. 2) Understand that Membrane will act as a proxy and hold credentials/token refresh on your behalf — review their privacy/terms if you care about where data or tokens live. 3) Run the CLI in a controlled environment if you have strong security requirements (container or VM). 4) The skill is instruction-only and will not itself install software or run until you execute commands or the agent invokes it.

Like a lobster shell, security has layers — review code before you run it.

latestvk972mgzdqsyh0pgj1etwzcpkcs84216v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments