ClawHub

Tinfoil Security

v1.0.2

Tinfoil Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tinfoil Security data.

0· 86·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the skill is an Integration wrapper that uses the Membrane CLI to manage Tinfoil Security data. Required capabilities (network, Membrane account, Membrane CLI) are appropriate for this purpose.
Instruction Scope
SKILL.md confines actions to Membrane CLI commands (login, connect, action list/run, request proxy). These are within scope, but the proxy feature explicitly sends API requests through Membrane — meaning data and API calls will transit a third-party service. The instructions also open a browser-based auth flow (or headless flow).
Install Mechanism
No install spec in the skill bundle, but the instructions recommend `npm install -g @membranehq/cli` or using npx. Installing a global npm CLI is a reasonable, common approach but carries typical supply-chain/privilege considerations; using `npx` or verifying the package and its publisher reduces risk.
Credentials
The skill requests no environment variables, no credentials, and advises against collecting API keys locally. It relies on Membrane to manage auth, which is proportionate to the stated integration purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request elevated platform privileges or persistent system modifications in the provided instructions.
Assessment
This skill appears coherent, but before installing: 1) understand that all requests and data will be proxied through Membrane — review their privacy, security, and retention policies and the connector permissions; 2) verify the npm package (@membranehq/cli) and publisher (use `npm view` or its GitHub repo) or prefer `npx` to avoid a global install; 3) avoid sending secrets or highly sensitive data in arbitrary proxy requests unless you trust Membrane; 4) run initial testing in an isolated or least-privilege environment and confirm the connector scopes during the browser login flow.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aw8d7amhxr84aa8yymqycsn842qm0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments