ClawHub

Blackthorn

v1.0.0

Blackthorn integration. Manage data, records, and automate workflows. Use when the user wants to interact with Blackthorn data.

0· 30·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to use the Membrane CLI to connect to Blackthorn, list/run actions, and proxy requests. All requested capabilities (network access, Membrane account) are consistent with a Blackthorn integration.
Instruction Scope
Runtime instructions are concrete and scoped: install Membrane CLI, run login/connect/action/request commands, and use Membrane's proxy for direct API calls. The instructions do not ask the agent to read unrelated files, access other environment variables, or exfiltrate data. The doc explicitly warns not to ask users for API keys.
Install Mechanism
This is an instruction-only skill (no automated install spec). It recommends installing @membranehq/cli via npm (or using npx). Advising a public npm package is expected for a CLI integration; there is no opaque download URL or automated arbitrary code install in the skill metadata.
Credentials
The skill declares no required env vars or credentials. Authentication is handled via Membrane's browser login flow and server-side credential management, which is proportionate to the task. Note: this means Membrane will broker and store the downstream service credentials, so trust in Membrane is required.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills' configurations. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears internally consistent: it instructs using the Membrane CLI to connect to Blackthorn and does not ask for unrelated secrets. Before installing, verify that you trust Membrane (https://getmembrane.com) because it will broker and store Blackthorn credentials and API requests. Prefer using npx if you don't want a global npm install; confirm the CLI package and repository are legitimate; avoid pasting service credentials into chat and complete authentication only through the official browser login flow described. If you need stricter control over credentials or data residency, review Membrane's security/privacy docs or consider connecting directly to Blackthorn via your own integration instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk972qysgyj9cc0yv3gz4hf5p9h848q14

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments