ClawHub

Strongdm

v1.0.0

StrongDM integration. Manage data, records, and automate workflows. Use when the user wants to interact with StrongDM data.

0· 51·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: the skill delegates StrongDM access through the Membrane CLI and Membrane account. Requested capabilities (network access, Membrane account) are coherent with this purpose.
Instruction Scope
SKILL.md contains concrete CLI workflows (install Membrane CLI, login, list connections/actions, run actions, proxy requests). It does not instruct reading unrelated system files or environment variables, nor does it direct data to unexpected endpoints beyond Membrane/StrongDM.
Install Mechanism
The skill is instruction-only (no automatic install spec), but it tells users to run `npm install -g @membranehq/cli` / use `npx`. Installing global npm packages executes code from the npm registry and may require elevated permissions; this is common for CLI tools but worth noting.
Credentials
The skill declares no required env vars or credentials and explicitly tells agents not to ask for API keys, instead relying on Membrane to manage auth. No disproportionate credential requests are present.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or agent-wide config in the instructions, and uses standard CLI auth flows. Autonomous invocation is allowed (platform default) and not by itself a concern here.
Assessment
This skill appears to do what it claims: it uses the Membrane CLI to proxy StrongDM API calls. Before installing or using it, consider: (1) The SKILL.md asks you to install @membranehq/cli via `npm -g` or use `npx` — global npm installs run code from the npm registry and may require admin rights. Only proceed if you trust the Membrane project and npm package. (2) It requires a Membrane account and will open a browser for interactive auth (or a headless flow). The agent running this skill will be able to act through your Membrane connection against StrongDM resources — review what resources the Membrane connection grants. (3) The registry metadata shows Source: unknown; verify the homepage and repository URLs (getmembrane.com and the GitHub repo) yourself if provenance matters. (4) If you want to limit risk, avoid granting the agent broad autonomous permissions, or run Membrane commands manually rather than allowing the agent to execute them automatically.

Like a lobster shell, security has layers — review code before you run it.

latestvk9783vtc91wbh6s1cw2np0vhkh844gd8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments