ClawHub

Open Policy Agent

v1.0.0

Open Policy Agent integration. Manage data, records, and automate workflows. Use when the user wants to interact with Open Policy Agent data.

0· 29·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to integrate with Open Policy Agent and its SKILL.md consistently instructs the agent to use the Membrane CLI and Membrane connections to interact with OPA — this is a plausible and coherent design. Minor inconsistency: the skill metadata lists no required binaries, but the runtime instructions explicitly require installing the `@membranehq/cli` (npm) CLI.
Instruction Scope
SKILL.md stays on-topic: it describes authenticating with Membrane, creating connections, listing actions, running actions, and proxying API requests to OPA. It does not instruct reading unrelated files, other env vars, or exfiltrating data outside the Membrane proxy path. It does instruct opening a browser for login (or using a headless flow).
Install Mechanism
There is no formal install spec in the metadata (instruction-only), but the README tells users to run `npm install -g @membranehq/cli`. Installing a global npm package is a normal way to get the CLI but does execute third-party code from the npm registry; verify the package and publisher before installing.
Credentials
The skill declares no required environment variables or credentials. It relies on a Membrane account for authentication and instructs the user to create connections rather than providing raw API keys — this is proportionate to the described purpose.
Persistence & Privilege
The skill does not request always:true or any elevated/persistent presence. It is user-invocable and allows model invocation (the platform default) — nothing unusual or excessive here.
Assessment
This skill appears to do what it says: it uses Membrane as a proxy to interact with Open Policy Agent. Before installing or using it: - Verify you trust Membrane (getmembrane.com) and the npm package @membranehq/cli (check the npm page and GitHub repo) because installing a global npm CLI runs third-party code on your machine. - Understand that Membrane will proxy requests and manage credentials for you; that means Membrane's service will have access to the OPA data/requests you send through it — confirm this aligns with your privacy/compliance needs. - In headless or CI environments, follow the advertised headless login flow, and avoid pasting secrets into commands. - If you need an offline/self-hosted integration or want to avoid external proxies, consider using the OPA API directly instead of routing through a third-party service. If you want, I can fetch the npm package page and the GitHub repository to verify publisher details and recent activity before you proceed.

Like a lobster shell, security has layers — review code before you run it.

latestvk9759qnwm7trz93rb81k52vxtd84650j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments