ClawHub

Chocolatey

v1.0.0

Chocolatey integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chocolatey data.

0· 51·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Chocolatey integration) matches the instructions: all runtime steps use the Membrane CLI to create a Chocolatey connection, list actions, run actions, or proxy requests. Recommending installation of @membranehq/cli via npm is coherent with the skill's stated workflow.
Instruction Scope
SKILL.md only instructs the agent/operator to install and use the Membrane CLI, perform browser-based login, create/check connections, list and run actions, or proxy requests through Membrane. It does not ask the agent to read unrelated files, harvest environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
There is no formal install spec in the registry (the skill is instruction-only), but the document instructs the user to run `npm install -g @membranehq/cli`. This is a standard, traceable npm install; it will modify the system (global npm install often requires elevated privileges) but is proportionate for a CLI-based integration. Recommend verifying the package identity before installing.
Credentials
The skill declares no required env vars, no credentials, and no config paths. It relies on a Membrane account (server-side) to manage Chocolatey credentials, which is consistent with the guidance in the SKILL.md. No unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request any special persistent system presence or modification of other skills. It can be invoked autonomously (normal default) but there are no additional privilege escalations requested.
Assessment
This skill appears internally consistent, but you should: (1) Verify you trust the third party (Membrane / getmembrane.com) before allowing it to manage your Chocolatey connection, and review the OAuth/connector scopes it requests; (2) Confirm the npm package name (@membranehq/cli) and the repository homepage are legitimate before running a global install (global npm installs modify your system and may need admin rights); (3) For organizational environments, check policy on third-party connectors and whether you want credentials routed through a vendor-managed proxy; (4) Be cautious when using headless/browser-auth flows—do not paste secrets into untrusted places; (5) If you need stricter control, prefer creating least-privileged connector credentials on the Chocolatey side and review connection activity in Membrane. Overall: acceptable to install/use if you trust Membrane and review connector permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97387yh4bqkq3r8q5kh09k39n84b2q5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments