ClawHub

Pliance

v1.0.0

Pliance integration. Manage data, records, and automate workflows. Use when the user wants to interact with Pliance data.

0· 55·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill declares it integrates with Pliance and all runtime instructions use the Membrane CLI to discover and call Pliance actions or proxy API requests. Requiring a Membrane account and network access matches the stated purpose; nothing unrelated (e.g., cloud provider credentials or system-wide secrets) is requested.
Instruction Scope
SKILL.md instructs the agent to install and use the Membrane CLI, run commands like 'membrane login', 'membrane connect', 'action list', 'action run', and 'request'. These steps are narrowly scoped to discovering and invoking Pliance endpoints via Membrane and do not direct reading of unrelated files, environment variables, or transmission to unexpected endpoints. The doc explicitly advises against asking users for API keys.
Install Mechanism
The skill is instruction-only and recommends installing the CLI via 'npm install -g @membranehq/cli'. A global npm install is a reasonable install path for a CLI but carries the usual third-party package risk (supply-chain/malicious package). The recommendation is traceable to the @membranehq package and a public repo/homepage are provided, which reduces but does not eliminate install risk.
Credentials
No environment variables, secrets, or config paths are required by the registry metadata. The only needed account is a Membrane user login (handled via browser flow by the CLI). This level of access is proportionate to a SaaS connector that must authenticate to Pliance.
Persistence & Privilege
The skill is not always-included and does not request system-wide persistent privileges. It is instruction-only with no install spec that writes code into the agent environment. Autonomous invocation is allowed (platform default) but that is expected for a connector skill and is not combined with other concerning factors.
Assessment
This skill appears to be what it says — a Membrane-based Pliance connector. Before installing: (1) verify the npm package name (@membranehq/cli) and its maintainers on the npm/GitHub pages you trust; (2) review what permissions a Membrane connection to Pliance will have (read/write/delete) and grant least privilege necessary; (3) prefer running the CLI in an environment you control (avoid installing global packages on sensitive production hosts); and (4) if you operate in a high-security environment, audit the Membrane account and connector activity logs so you can revoke access if needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fdvfezbvne8zvtff4cy1q0n84erfn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments