ClawHub

Safebase

v1.0.2

SafeBase integration. Manage data, records, and automate workflows. Use when the user wants to interact with SafeBase data.

0· 281·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes SafeBase operations and consistently instructs the agent to use the Membrane CLI as a connector/proxy to SafeBase. There are no unrelated credentials, binaries, or config paths requested that don't match the described integration.
Instruction Scope
All runtime instructions are limited to installing/using the Membrane CLI, logging in, discovering connections/actions, running actions, and proxying requests to SafeBase. The document does not direct the agent to read unrelated files, environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli` (and uses npx in examples). Installing a global npm package is a legitimate, moderate-risk action — it will install third-party code on the host and may require elevated privileges. The registry source (@membranehq on npm and the referenced GitHub) should be verified before installation.
Credentials
No environment variables or secrets are requested by the skill; it relies on Membrane to manage auth. Note: because Membrane acts as the proxy/auth backend, credentials and API traffic to SafeBase will be handled server-side by Membrane — meaning Membrane will have access to request/response data and connection credentials.
Persistence & Privilege
The skill does not request always:true or any special persistent privileges and is user-invocable only. There is no install-time modification of other skills or agent-wide settings described.
Assessment
This skill is internally consistent but relies on the third-party Membrane service and its CLI. Before installing: (1) verify the @membranehq/cli package and its publisher on npm and the referenced GitHub repository; (2) understand that Membrane will broker SafeBase API calls and therefore can see data and hold credentials — review Membrane's privacy/security docs; (3) be aware that `npm install -g` installs code globally (may need elevated privileges) — prefer testing in an isolated environment; and (4) avoid entering unrelated sensitive secrets into the environment where you run the CLI. If you need stronger assurance, ask for the exact Membrane service endpoint, the CLI package checksum, or audit the CLI source before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97avnsreeeb1g8f629578s8p1842n3k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments