ClawHub

Xata

v1.0.0

Xata integration. Manage data, records, and automate workflows. Use when the user wants to interact with Xata data.

0· 54·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Xata integration) match the instructions: the SKILL.md shows how to use the Membrane CLI to connect to Xata, list actions, run actions, and proxy requests. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Instructions are scoped to installing/using Membrane CLI, creating connections, running actions, and proxying requests to Xata. They do not instruct reading unrelated files, harvesting environment variables, or exfiltrating data to unexpected endpoints.
Install Mechanism
No formal install spec in the skill bundle, but SKILL.md tells the user to run `npm install -g @membranehq/cli`. This is a normal way to get a CLI but it downloads and installs third‑party code globally—verify the package source, version, and trustworthiness. The skill also suggests `npx` in one spot which avoids a global install; consider using npx or a contained environment.
Credentials
The skill declares no required environment variables or credentials. It relies on Membrane to manage auth server‑side and instructs the user to authenticate via browser, which is consistent with the described workflow.
Persistence & Privilege
The skill does not request 'always' presence, does not modify other skills or system-wide settings, and has no install artifacts declared in the bundle. It is an instruction-only skill with no inherent persistent privileges.
Assessment
This skill is coherent and appears to do what it says: use the Membrane CLI to interact with Xata. Before installing or running it: 1) Verify the Membrane CLI package (@membranehq/cli) on npm and the vendor (membrane) — check the package page, recent publish activity, and repository. 2) Prefer running commands with npx or in an isolated environment (container/VM) instead of `npm install -g` if you want to avoid a global install. 3) Understand that authenticating via the browser grants Membrane (a third‑party service) access to your Xata connection — only proceed if you trust that provider. 4) If you have strict security requirements, review Membrane's privacy/permissions and consider creating limited-scope accounts for testing. If any part of the vendor or CLI looks unfamiliar or untrusted, do not install or authenticate.

Like a lobster shell, security has layers — review code before you run it.

latestvk971jdstry2aprrye93e9rk93d84d0cy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments