ClawHub

Threat Stack

v1.0.2

Threat Stack integration. Manage data, records, and automate workflows. Use when the user wants to interact with Threat Stack data.

0· 53·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say it integrates with Threat Stack and the SKILL.md instructs using Membrane to create a Threat Stack connection, list/run actions, and proxy API requests — this is coherent and appropriate for the stated purpose.
Instruction Scope
Runtime instructions are limited to installing and using the Membrane CLI, logging in, creating/using a Threat Stack connection, listing actions, running actions, and proxying requests. Instructions do not ask the agent to read unrelated files, export environment secrets, or send data to endpoints outside Membrane/Threat Stack.
Install Mechanism
The skill is instruction-only (no install spec). It tells users to install @membranehq/cli via npm -g or use npx. Installing a global npm package is a standard pattern but does run code from the public npm registry — review and trust @membranehq/cli before installing. The use of npx @membranehq/cli@latest is also suggested in places (inconsistency) and runs the latest remote code on demand.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Authentication is delegated to Membrane (the instructions explicitly advise against asking users for API keys). This is proportionate to the skill's function.
Persistence & Privilege
No special persistence is requested (always:false). The skill is user-invocable and allows model invocation (platform default) but does not demand elevated platform privileges or modify other skills/configs.
Assessment
This skill is instruction-only and delegates auth and API proxying to Membrane. Before installing/use: 1) Verify you trust Membrane (getmembrane.com) because API calls and credential handling will go through their service; 2) Review the @membranehq/cli package source or vendor reputation before running npm -g (or prefer npx to avoid global installs); 3) Be aware that using Membrane's proxy means Threat Stack data will transit through Membrane servers — ensure this meets your data-handling and compliance needs; 4) Note small inconsistencies in the doc (it alternates between recommending a global install and npx@latest) — prefer pinned versions if you require reproducibility. If you need the agent to keep Threat Stack data private without a third party, this skill’s architecture (proxy via Membrane) may not meet that requirement.

Like a lobster shell, security has layers — review code before you run it.

latestvk9798e8jf4md462scekc4g23rh842kjr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments