ClawHub

Visiblethread

v1.0.0

VisibleThread integration. Manage data, records, and automate workflows. Use when the user wants to interact with VisibleThread data.

0· 48·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with VisibleThread and the SKILL.md exclusively instructs the agent to use the Membrane CLI to connect, list actions, run actions, or proxy API requests. There are no unrelated credentials, binaries, or filesystem paths requested.
Instruction Scope
Instructions are scoped to installing/using the Membrane CLI, performing interactive login, creating connections, listing actions, running actions, and proxying requests to the VisibleThread API via Membrane. The instructions do not ask the agent to read unrelated files, environment variables, or system state.
Install Mechanism
This is an instruction-only skill (no install spec in registry), but it tells users to install @membranehq/cli via `npm install -g`. Installing global npm packages is a common pattern but does pull code from the npm registry and may require elevated permissions on some systems. The install source is a public npm package (not a random URL).
Credentials
The skill requests no environment variables or secrets in metadata and explicitly instructs not to ask users for API keys (Membrane handles auth server-side). It does require the user to have a Membrane account and to complete interactive login, which is consistent with the described flow.
Persistence & Privilege
The skill does not request persistent system presence; registry flags show always:false and normal user-invocable/autonomous invocation defaults. The SKILL.md does not direct the agent to modify other skills or system-wide settings.
Assessment
This skill is instruction-only and delegates all work to the Membrane CLI. Before installing or using it: 1) confirm you trust Membrane (@membranehq) and its CLI package on npm (review project/homepage and, if needed, the source repo); 2) be aware `npm install -g` will download and install code from the npm registry and may require elevated permissions—consider installing in an isolated environment (container, VM, or node version manager); 3) the CLI login flow opens a browser and grants Membrane access to VisibleThread on your behalf — treat this as granting a third-party service access to your VisibleThread data; 4) because the skill contains no code to audit, you cannot inspect behavior beyond following Membrane docs — if you need stronger assurance, review the Membrane CLI source or use an account with limited privileges. Overall the skill is coherent with its purpose but relies on trusting the Membrane service and its CLI.

Like a lobster shell, security has layers — review code before you run it.

latestvk9771fnagxgzy8vtc4dnkcrf7984bamx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments