ClawHub

Ibm Api Connect

v1.0.0

IBM API Connect integration. Manage data, records, and automate workflows. Use when the user wants to interact with IBM API Connect data.

0· 61·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match its runtime instructions: it uses the Membrane CLI to connect to and operate on IBM API Connect. Minor inconsistency: the registry metadata lists no required binaries, but the SKILL.md expects the 'membrane' CLI (installed via npm) and network access / a Membrane account.
Instruction Scope
SKILL.md stays on-topic and only instructs use of the Membrane CLI to discover actions, run actions, and proxy requests to IBM API Connect. Important scope detail: requests and API payloads are proxied through Membrane's service (external endpoint), so API calls and data will be transmitted to Membrane.
Install Mechanism
There is no formal install spec (instruction-only), but the doc recommends installing @membranehq/cli via npm (global install) or using npx. Using the public npm registry for a CLI is reasonable, but global npm installs have typical OS/user-level risk and the metadata should declare the required binary.
Credentials
The skill requests no environment variables and explicitly instructs not to ask users for API keys because Membrane manages credentials server-side. This is proportionate to the described functionality (delegated auth).
Persistence & Privilege
Skill is instruction-only, not always-enabled, and does not request persistent elevated privileges or modify other skills' configs.
Assessment
This skill appears internally consistent, but before installing: 1) be aware it routes API calls and any request payloads through the Membrane service—verify you trust that service and its privacy/security policies; 2) the SKILL.md expects the 'membrane' CLI (npm package) even though the registry metadata didn't declare it—prefer using 'npx @membranehq/cli@latest' if you want to avoid a global install; 3) verify the upstream repository/homepage and author (membrane) if you need stronger provenance; and 4) avoid entering sensitive secrets into local prompts—follow the guide to authenticate via the browser-based flow so credentials are managed by Membrane rather than exposed locally.

Like a lobster shell, security has layers — review code before you run it.

latestvk976wk4brqtb1z8nvba506n5m18455z4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments