ClawHub

Postgrest

v1.0.0

PostgREST integration. Manage data, records, and automate workflows. Use when the user wants to interact with PostgREST data.

0· 37·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise (PostgREST integration) matches the runtime instructions: everything delegates to the Membrane platform and CLI to manage PostgREST connections and proxy requests. No unrelated services or secrets are requested.
Instruction Scope
SKILL.md confines actions to installing/using the Membrane CLI, logging in, creating/listing connections, running actions, and proxying requests to PostgREST. It does not instruct the agent to read unrelated files, harvest environment variables, or transmit data outside the Membrane-proxied flows.
Install Mechanism
The skill is instruction-only (no registry install). It recommends installing @membranehq/cli via `npm install -g` — a normal, moderate-risk action because it runs third‑party code on the host. The package name and homepage align (membrane/getmembrane), but users should verify the package and registry before installing global npm packages.
Credentials
The skill declares no required environment variables or credentials and explicitly advises relying on Membrane for auth. The only external requirement is a Membrane account (browser login) and network access, which are proportionate to the stated purpose.
Persistence & Privilege
The skill is not forced-always, does not request system-wide config changes, and does not declare persistence or modification of other skills. It may be invoked autonomously by the agent (platform default), which is expected for a connector-style skill.
Assessment
This skill is coherent and appears to do what it says: it uses the Membrane CLI to connect to and proxy requests to your PostgREST instance. Before installing or using it: 1) Verify you trust Membrane (@membranehq) and its npm package (global installs run code on your machine). 2) Understand that creating a connection through Membrane lets the platform and the CLI proxy arbitrary API calls to your PostgREST (so only connect accounts/databases you trust to be accessed this way). 3) The skill requests no local secrets — it intentionally offloads auth to Membrane — so avoid pasting API keys into chat. 4) If you want to limit risk, do not install the CLI globally on sensitive systems or restrict the agent's ability to autonomously invoke skills in your agent settings.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bnj4czsc6qqhbj097vkcpfh844m3b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments