ClawHub

Whitehat Security

v1.0.2

WhiteHat Security integration. Manage data, records, and automate workflows. Use when the user wants to interact with WhiteHat Security data.

0· 58·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description promise a WhiteHat Security integration. All runtime instructions focus on using the Membrane CLI to discover actions, create a connection, run actions, and proxy API requests — which matches the stated purpose. No unrelated credentials or binaries are required.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, performing login (browser-based or headless flow), creating connections, listing actions, running actions, and proxying requests. It does not instruct reading arbitrary local files, requesting unrelated environment variables, or exfiltrating data outside the Membrane/WhiteHat flows.
Install Mechanism
The doc recommends installing @membranehq/cli globally via npm (npm install -g). This is a standard distribution channel (npm) but has the usual considerations of installing a third-party global package — it will write to disk and run code locally. No opaque downloads or archive extracts are suggested.
Credentials
The skill declares no required env vars or credentials and explicitly tells agents not to ask users for API keys. Authentication is delegated to Membrane (server-side). The requested access is proportional to the integration.
Persistence & Privilege
The skill is instruction-only, has no install spec, does not request always:true, and does not modify other skills or system-wide settings. It requires the user to run the Membrane CLI and to log in interactively — no elevated or persistent privileges are requested by the skill itself.
Assessment
This skill delegates auth and API proxying to the Membrane service and asks you to install the @membranehq/cli npm package. Before installing or using it: verify you trust the Membrane project (check the npm package publisher, GitHub repo, and homepage), be aware that authentication is handled server-side by Membrane (your WhiteHat credentials/tokens will be managed by their service), and avoid using this on extremely sensitive accounts unless you are comfortable with that arrangement. Installing a global npm package runs third-party code locally — review the package source if you need higher assurance.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fb46b0e05k2zz5p1y49nxjx842eyw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments