ClawHub

Infinity 1

v1.0.0

Infinity integration. Manage data, records, and automate workflows. Use when the user wants to interact with Infinity data.

0· 95·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description say 'Infinity integration' and all instructions center on using the Membrane CLI to connect to Infinity, discover actions, run actions, or proxy API requests. Required capabilities (network, Membrane CLI) are appropriate for the stated purpose.
Instruction Scope
SKILL.md instructs using membrane login/connect/action list/action run/request and explicitly avoids asking for local API keys. It does not instruct reading unrelated files, scanning system state, or exfiltrating data outside the Membrane/Infinity flow.
Install Mechanism
No install spec in metadata (skill is instruction-only). The doc recommends installing the @membranehq/cli npm package (npm install -g or npx). This is expected for a CLI-driven integration but carries the typical risk of installing third-party npm packages — verify package provenance before installing globally.
Credentials
The skill declares no required env vars or credentials and instructs using Membrane-managed connections rather than asking for API keys. Requested permissions (browser-based OAuth during 'membrane connect') are proportional to connecting to a third-party service.
Persistence & Privilege
Skill is not forced-always-on and does not request system-wide config paths or other skills' credentials. It relies on Membrane to manage auth; no elevated persistence or privilege escalation is requested.
Assessment
This skill appears coherent and appropriate for integrating Infinity via Membrane, but you should: 1) Confirm you trust the Membrane project and examine the @membranehq/cli package (publisher, recent releases) before installing globally; 2) Prefer npx or a local install if you want to avoid a global npm install; 3) Review the OAuth scopes/permissions presented when creating the connection in your browser so the connection only has needed access to Infinity; 4) If running in a CI/headless environment, follow the documented headless flow and avoid copying secrets into scripts; 5) If you have strict security requirements, run the CLI in an isolated environment/container and audit network traffic or logs when first connecting.

Like a lobster shell, security has layers — review code before you run it.

latestvk977kfbyhfg4hw5vhpkbefpey184gy45

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments