ClawHub

Hex

v1.0.2

Hex integration. Manage data, records, and automate workflows. Use when the user wants to interact with Hex data.

0· 78·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Hex integration) match the instructions: the SKILL.md describes using the Membrane CLI to discover connectors/actions and proxy requests to Hex. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, creating connections, listing/running actions, and proxying API calls via Membrane. They do not ask the agent to read local secrets or unrelated files. The proxy capability can perform arbitrary Hex API calls (expected for an integration) but is documented and tied to the chosen connection.
Install Mechanism
The skill is instruction-only (no install spec). It asks the user to install @membranehq/cli via npm (global or npx). Installing a global npm package is normal here but has the usual supply-chain/trust considerations (verify the package and source before installing).
Credentials
No environment variables, secrets, or other credentials are requested by the skill. Authentication is delegated to the Membrane service/CLI (the user must authenticate via browser), which is proportionate to the stated purpose.
Persistence & Privilege
always is false and there are no requests to modify other skills or system-wide settings. The default ability for the agent to invoke the skill autonomously remains, but that is normal and not excessive here.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to connect to Hex. Before installing or using it: 1) Verify the @membranehq/cli package and the getmembrane.com / GitHub sources are legitimate (check npm and the repo); 2) Understand that authenticating a connection gives Membrane access to your Hex account/data — review permissions and use least-privilege connectors; 3) Installing a global npm package requires elevated rights on your machine—only proceed if you trust the publisher; 4) Prefer running CLI commands yourself rather than granting broad autonomous agent control to run them, and never paste secret keys directly into chat. If any of these points are unacceptable, do not install or use the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bn66wfds5zkgbfkfjc3t789843scr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments