ClawHub

Raven Tools

v1.0.2

Raven Tools integration. Manage Organizations. Use when the user wants to interact with Raven Tools data.

0· 129·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Raven Tools integration) match the instructions (use Membrane CLI to discover/connect/run Raven Tools actions). There are no unrelated credential or binary requirements in the metadata.
Instruction Scope
SKILL.md directs the agent to install and use the Membrane CLI, run connector discovery, connect, list actions, run actions, and proxy requests to Raven Tools. It does not instruct reading local files, environment variables, or sending data to unexpected endpoints outside the Membrane/Raven Tools flow.
Install Mechanism
This is an instruction-only skill (no install spec), but the README tells users to run `npm install -g @membranehq/cli` and/or `npx @membranehq/cli@latest`. Installing/running a third-party npm CLI is a normal step for this integration but carries the usual risk of executing code from the npm registry (moderate operational risk).
Credentials
The skill requests no environment variables or secrets. It explicitly relies on Membrane to manage credentials and advises not to ask users for API keys—this is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not instruct modifications to other skills or system-wide agent settings. Autonomous invocation is allowed but that is the platform default.
Assessment
This skill is coherent: it delegates auth and API access to the Membrane CLI and doesn't ask for unrelated secrets. Before installing or running commands: (1) confirm you trust the @membranehq npm package and the getmembrane.com project; (2) be aware `npm install -g` and `npx` execute third-party code and may require elevated permissions; (3) when you create a Membrane connection, review the scopes/permissions the connector requests (the proxy command can issue arbitrary API calls on behalf of that connection); and (4) avoid entering unrelated credentials—use Membrane's connection flow as instructed. If you need higher assurance, review the Membrane CLI source/release and the connector behavior before connecting production accounts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dr67wrx9txvtvpq0373x6v5842cex

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments