ClawHub

Microcks

v1.0.0

Microcks integration. Manage data, records, and automate workflows. Use when the user wants to interact with Microcks data.

0· 52·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description (Microcks integration) align with the instructions: it uses the Membrane CLI as a connector to interact with Microcks. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md confines runtime actions to installing/using the Membrane CLI, performing login via browser, creating connections, listing/running actions, and proxying requests to Microcks. It does not instruct reading unrelated files or exfiltrating local secrets. Note: the 'membrane request' command can proxy arbitrary API calls — that capability is expected for this integration but worth user awareness.
Install Mechanism
There is no registry install spec (instruction-only). The doc tells the user to run 'npm install -g @membranehq/cli' (a public npm package). That is a reasonable and expected approach, but installing global npm packages carries moderate risk; users should verify the package publisher and consider using npx or a contained environment.
Credentials
The skill declares no required env vars or config paths. Authentication is delegated to Membrane (browser-based login and managed connections), so no extra credentials are requested by the skill itself.
Persistence & Privilege
always:false and user-invocable:true (defaults). The skill does not request persistent system changes or access to other skills' configs. Note: autonomous invocation is allowed by default (disable-model-invocation:false) — this is platform normal and not flagged here.
Assessment
This skill appears coherent, but review a few practical points before installing/using it: - Verify the Membrane CLI package (@membranehq/cli) on npm and its publisher (or prefer 'npx @membranehq/cli' to avoid a global install). - Inspect Membrane's GitHub/repo and privacy/security docs if you care about where credentials and proxied traffic go (Membrane manages auth server-side per the doc). - When authenticating in a browser, check what scopes/permissions are being granted to the connection and avoid granting unnecessary access. - Be cautious with 'membrane request' — it can send arbitrary API calls to Microcks (or proxied targets); don't use it to forward sensitive local secrets or files unless you trust the endpoint and Membrane's handling. - If installing on a production or sensitive machine, consider using a container or isolated environment for the CLI to limit impact.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fxvcex241pv8aeeazgez569844hs4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments