Cubejs
v1.0.2Cube.js integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cube.js data.
⭐ 0· 91·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to integrate with Cube.js and all runtime instructions revolve around using the Membrane CLI to discover connectors, create connections, run actions, and proxy API requests — this aligns with the stated purpose.
Instruction Scope
SKILL.md instructs installing and using the Membrane CLI, logging in (browser-based auth or headless flow), creating connections, listing actions, running actions, and proxying requests. It does not instruct reading local files, environment variables, or unrelated system paths. Note: using Membrane implies requests and credentials are proxied through Membrane's service (data and auth flows go to that external service).
Install Mechanism
There is no automated install spec in the registry; the document tells the user to run `npm install -g @membranehq/cli` and use `npx` for commands. This is a typical user-level install but does involve fetching and executing third-party npm code (supply-chain risk if the package or maintainer were compromised).
Credentials
The skill declares no required env vars or credentials and explicitly advises against asking users for API keys, instead relying on Membrane-managed connections. The requested scope is proportional to a connector-oriented integration.
Persistence & Privilege
The skill is instruction-only, has no always:true flag, and does not request elevated or persistent system privileges. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
Assessment
This skill appears coherent: it delegates auth and API calls to the Membrane service and only instructs you to install and use the Membrane CLI. Before installing or using it: (1) verify you trust the Membrane service (https://getmembrane.com) and the @membranehq npm package and review the package/publisher if you can; (2) be aware that Cube.js API calls and credentials will be proxied through Membrane (check their privacy/security policy); (3) installing a global npm package and running npx executes third-party code — prefer installing in a controlled environment or reviewing the package first; (4) use least-privilege/test accounts and avoid connecting sensitive production data until you’re confident in the integration.Like a lobster shell, security has layers — review code before you run it.
latestvk9752z4fqjrbmqyvth044gze51843s57
License
MIT-0
Free to use, modify, and redistribute. No attribution required.