Thoughtspot
v1.0.0ThoughtSpot integration. Manage data, records, and automate workflows. Use when the user wants to interact with ThoughtSpot data.
⭐ 0· 49·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (ThoughtSpot integration) matches the instructions: all runtime steps use the Membrane CLI to discover connections, run actions, or proxy requests to ThoughtSpot. Required resources (network, Membrane account, Membrane CLI) are proportional to the stated purpose.
Instruction Scope
SKILL.md only tells the agent to install and run the Membrane CLI, create a Membrane connection to ThoughtSpot, discover actions, run actions, or proxy raw API requests. It does not instruct reading unrelated files, exporting environment secrets, or transmitting data to unrelated endpoints. It does recommend browser-based auth or headless login completion, which is expected for OAuth-like flows.
Install Mechanism
There is no embedded install spec in the registry metadata (skill is instruction-only), but the README instructs installing @membranehq/cli globally via npm (npm install -g). This is expected for a CLI-based integration but carries typical npm-global risks (package authenticity, system-wide binary). Recommend verifying the package source and using scoped or containerized environments if you want to limit risk.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The SKILL.md explicitly advises letting Membrane manage credentials (no user-supplied API keys), which is consistent and proportionate.
Persistence & Privilege
always is false and the skill is user-invocable. There is no code to persist or modify other skills or system-wide settings. Autonomous invocation is allowed by platform default; that is normal and not by itself a concern here.
Assessment
This skill appears to do what it says: it relies on the Membrane CLI to talk to ThoughtSpot and does not ask for unrelated secrets. Before installing: (1) verify you trust @membranehq/cli and the getmembrane.com vendor (the CLI will act as a proxy and will see the data you send to ThoughtSpot), (2) prefer installing the CLI in a controlled environment (container, VM, or a non-root local setup) rather than globally if you want to limit system impact, (3) confirm the OAuth/browser login flow is acceptable for your security practices, and (4) review Membrane's privacy/security docs to understand how credentials and proxied data are handled. If you need stricter assurance, request a software bill of materials or checksum for the npm package or run the CLI in an isolated environment.Like a lobster shell, security has layers — review code before you run it.
latestvk978vg3y8252kxzaqf90dbzghh84dpy0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.