ClawHub

Pact Foundation

v1.0.0

Pact Foundation integration. Manage data, records, and automate workflows. Use when the user wants to interact with Pact Foundation data.

0· 52·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Pact Foundation integration) matches the instructions (use Membrane CLI to connect, list actions, and proxy requests to Pact). No unrelated environment variables, config paths, or binaries are requested by the skill metadata.
Instruction Scope
The SKILL.md instructs using the Membrane CLI for discovery, running actions, and proxying arbitrary API requests to the Pact Foundation API. That is appropriate for a connector, but proxying arbitrary paths gives broad access to anything the Membrane connection is authorized to do — ensure you understand and limit the Membrane connection's permissions.
Install Mechanism
This is an instruction-only skill (no install spec). It tells users to install @membranehq/cli via npm -g and uses npx in examples. Installing an npm package globally is a moderate-risk supply-chain action (registry package will be written to disk). The skill does not include a pinned package version or verify the package origin, so standard npm-supply-chain cautions apply.
Credentials
The skill requests no environment variables or credentials in metadata and explicitly advises letting Membrane manage credentials. That is proportionate for a connector that relies on a Membrane account.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent platform privileges or modify other skills. Autonomous invocation is allowed by default but not combined with other concerning privileges.
Assessment
This skill is coherent for interacting with Pact Foundation via Membrane, but take these practical precautions before installing or using it: 1) Verify you trust the Membrane service and the @membranehq/cli npm package (check the official repo and package publisher). 2) Be aware installing npm -g requires npm/node on the system and writes executables globally. 3) Limit the Membrane connection's permissions to least privilege — the proxy feature can access any API paths the connection authorizes. 4) When the agent asks you to run login or follow a browser URL, verify the domain and code match legitimate Membrane endpoints. 5) Prefer creating a dedicated Membrane account/connection for automation rather than reusing high-privilege org credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk974fz14e1dx23nxgjarh9wk2s84efk9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments