ClawHub

Sonatype

v1.0.0

Sonatype integration. Manage data, records, and automate workflows. Use when the user wants to interact with Sonatype data.

0· 53·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Sonatype integration) match the instructions: all runtime guidance centers on using the Membrane CLI to discover and call Sonatype-related actions or proxy API requests. Requiring the Membrane CLI is reasonable for a Membrane-based integration.
Instruction Scope
SKILL.md limits actions to installing and using the @membranehq/cli, performing login flows, listing/connecting actions, running actions, and proxying API calls via Membrane. It does not instruct reading unrelated local files or environment variables. It does assume network access and interactive/browser authentication for the user.
Install Mechanism
No packaged install spec is embedded in the skill (instruction-only), but it directs installing @membranehq/cli via npm (-g). Installing global npm packages is common and expected here, but npm installs carry typical supply-chain/install-time risks (verify package provenance and update policies).
Credentials
The skill declares no required environment variables, no credentials, and no config paths. It relies on Membrane to manage auth, which is consistent with its guidance to create connections rather than storing API keys locally.
Persistence & Privilege
always:false and user-invocable:true are appropriate. The skill does not request persistent elevated privileges or modify other skills' configs.
Assessment
This skill is coherent and uses the Membrane CLI to access Sonatype. Before installing, consider: 1) You will rely on the third-party Membrane service to broker authentication and proxy requests to Sonatype — review Membrane's privacy/security and the permissions granted to any connection. 2) The SKILL asks you to install a global npm package (@membranehq/cli); validate its source, keep it updated, and use standard npm-security hygiene (npm audit, verify package owner). 3) The skill will perform network operations and open a browser for interactive login; do not provide unrelated local secrets. If you need stronger assurance, verify the Membrane CLI package and the Membrane account configuration/policies before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bexg7jqr5vn0811wtx1s3k584drn1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments