ClawHub

Chattermill

v1.0.2

Chattermill integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chattermill data.

0· 55·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Chattermill integration) align with the instructions (use Membrane to connect to Chattermill). Minor mismatch: registry metadata lists no required binaries, but the SKILL.md instructs installing the @membranehq/cli npm package (so a 'membrane' binary is implicitly required). This is plausible but worth noting.
Instruction Scope
SKILL.md confines runtime actions to installing/using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to Chattermill. It does not instruct reading unrelated files, accessing arbitrary env vars, or exfiltrating data to unexpected endpoints.
Install Mechanism
There is no automated install spec in the registry (instruction-only), but the docs instruct users to run npm install -g @membranehq/cli or use npx. Installing a global npm package is a reasonable approach here, but users should verify the package origin and contents before installing globally (or prefer npx to avoid persistent global installs).
Credentials
The skill requests no environment variables or secrets. SKILL.md explicitly advises not to ask users for API keys and to let Membrane handle auth, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request system-wide configuration changes or persistent privileges beyond running the Membrane CLI when invoked.
Assessment
This skill is instruction-only and coherent for interacting with Chattermill via the Membrane proxy, but before installing/running anything: (1) verify the @membranehq/cli package on npm and prefer npx to avoid global installs; (2) confirm the Membrane domain (getmembrane.com) and review its privacy/auth docs so you understand what the proxy will have access to; (3) perform browser login flows in a trusted environment (don't paste credentials into chat); (4) be aware that the Membrane proxy can make arbitrary Chattermill API calls on your behalf — only grant connections you trust; (5) if you need higher assurance, inspect the CLI source code or run it in an isolated environment. Overall the skill appears consistent with its described purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk9770z05varwatj8xbkg3x9wd1843nw6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments