ClawHub

Purple Dot

v1.0.0

Purple Dot integration. Manage data, records, and automate workflows. Use when the user wants to interact with Purple Dot data.

0· 62·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say 'Purple Dot integration' and the instructions exclusively describe using the Membrane CLI to connect to Purple Dot, run actions, and proxy API requests. The requested operations and tooling are coherent with that purpose.
Instruction Scope
SKILL.md instructs the agent to install and use the Membrane CLI, run login/connect/action commands, and optionally proxy raw API calls through Membrane. It does not instruct reading unrelated files, scanning host config, or exfiltrating arbitrary data. The scope stays focused on interacting with Purple Dot through Membrane.
Install Mechanism
This skill is instruction-only (no install spec). It tells users to install @membranehq/cli via npm -g or use npx. Installing a global npm package is a standard but moderately privileged action (downloads and executes code from the npm registry). This is expected for a CLI-based integration but is worth attention (verify package origin/version).
Credentials
The skill declares no required environment variables or credentials and explicitly instructs not to ask users for API keys, relying on Membrane for auth. That is proportional: authentication is handled by Membrane's login flow rather than local secrets.
Persistence & Privilege
The skill does not request always:true, does not require config paths, and is instruction-only. It does not request persistent elevated presence or cross-skill configuration changes. Autonomous invocation remains a platform default and is not a special privilege here.
Assessment
This skill is coherent with its purpose, but before installing or following the instructions consider: 1) The SKILL.md asks you to install @membranehq/cli from the npm registry; verify the package name, publisher, and version (or use npx to avoid a global install). 2) Membrane handles authentication via a browser flow — ensure you trust the Membrane account and service before granting access to your Purple Dot data. 3) The CLI will make network requests and can proxy API calls; avoid pasting secrets into chat outputs and review any returned data you forward. 4) If you want to minimize local footprint, prefer npx @membranehq/cli@latest for ad-hoc runs instead of npm -g. 5) If you need higher assurance, review the @membranehq/cli source repository and npm package integrity (checksums/signatures) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9752mnmaavfx2mx5py1des9vs845frm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments