ClawHub

Amazon Cognito

v1.0.0

Amazon Cognito integration. Manage data, records, and automate workflows. Use when the user wants to interact with Amazon Cognito data.

0· 30·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Amazon Cognito integration) aligns with the content: SKILL.md exclusively documents using the Membrane CLI to manage Cognito resources and run actions. There are no unrelated credentials, binaries, or install steps that don't fit the stated purpose.
Instruction Scope
Runtime instructions are constrained to installing/using the Membrane CLI, logging in, creating a connection, listing actions, running actions, and proxying requests to Cognito. These are within scope, but the instructions explicitly route API calls and authentication through Membrane's servers — meaning Cognito requests and any returned data will transit/terminate at a third party (Membrane). This is expected for a proxy-based integration but is important for privacy/trust considerations.
Install Mechanism
No install spec in the package registry; the SKILL.md recommends installing @membranehq/cli via npm install -g. This is a standard public npm package install (moderate risk compared to no install). It's proportionate to the skill's operation, but global npm installs introduce the usual supply-chain and privilege considerations.
Credentials
The skill declares no required env vars, no config paths, and no local credentials. That is coherent. One caveat: credentials and auth are handled server-side by Membrane, so you will be delegating access to a third party rather than storing secrets locally — this is a design choice, not an incoherence.
Persistence & Privilege
The skill is instruction-only, does not request always:true, and does not modify other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but not exceptional here.
Assessment
This skill is internally consistent: it simply instructs the agent to use the Membrane CLI to connect to Amazon Cognito. Before installing or using it, consider the following in plain terms: - Trust: Using this skill routes Cognito API calls and authentication through Membrane (getmembrane.com). That service will see requests and responses, so only use it if you trust that third party and its security/privacy practices. - Least privilege: If possible, use a dedicated AWS/Cognito environment or account with limited scope for integrations, not your production tenant. - Review the CLI: Verify the @membranehq/cli package and the referenced GitHub repo match the published project and review its permissions/behavior (or use npx to avoid a global install). - Alternatives: If you cannot entrust a third party with Cognito data, interact directly with AWS Cognito via native AWS SDKs/CLI and explicit AWS credentials instead of a proxy. Overall: coherent and expected for a proxy-based integration, but data will be handled by Membrane — weigh that trust decision before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk978px8wwx3zctf10r94s85a0x847eqf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments