ClawHub

Amazon Athena

v1.0.0

Amazon Athena integration. Manage data, records, and automate workflows. Use when the user wants to interact with Amazon Athena data.

0· 30·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description (Amazon Athena integration) match the instructions: it tells the agent to use the Membrane CLI and Membrane connections to talk to Athena. It does not request unrelated credentials, binaries, or system access that would be disproportionate to an Athena integration.
Instruction Scope
SKILL.md is limited to installing/using the @membranehq/cli, logging in, creating a Membrane connection to Athena, listing and running actions, and proxying requests. It does not instruct reading unrelated files, harvesting environment variables, or exfiltrating data outside the Membrane flow. The instructions are specific and scoped to the integration.
Install Mechanism
There is no automated install spec (instruction-only), but the doc recommends running `npm install -g @membranehq/cli`. Installing a global npm package runs third‑party code on the host — this is expected for a CLI but carries normal supply‑chain risk. The doc also suggests `npx` as an alternative, which avoids global install.
Credentials
The skill declares no required env vars or secrets, which is consistent. However, it relies on Membrane to manage credentials server‑side: creating a connection will cause the user to grant Membrane access to their Athena/AWS data. This is reasonable for a proxy-based integration but means users must trust Membrane's handling of credentials and scope of access.
Persistence & Privilege
The skill does not request always:true, does not alter other skills, and is instruction-only with no code persisted by the registry. Autonomous invocation remains enabled by default (platform behavior), which is not itself a red flag here.
Assessment
This skill is internally consistent and appears to do what it claims, but before installing: (1) verify the @membranehq/cli package and publisher on npm (or use `npx` to avoid a global install), (2) review Membrane's privacy/security docs and trustworthiness because you'll grant it access to Athena/AWS data, (3) when creating the connector, restrict the AWS/IAM permissions to the minimum necessary (avoid granting broad/admin access), and (4) prefer the browser-based auth flow and verify connector IDs and scopes shown during authentication. If you don't want a third party to proxy your queries, do not create a Membrane connection.

Like a lobster shell, security has layers — review code before you run it.

latestvk975n9zwp3nxvbvxww799myqvs848bqc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments