Sonarqube
v1.0.0SonarQube integration. Manage data, records, and automate workflows. Use when the user wants to interact with SonarQube data.
⭐ 0· 53·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description claim SonarQube integration and the SKILL.md exclusively documents using the Membrane CLI to connect, list actions, run actions, and proxy API requests to SonarQube. Requested artifacts (Membrane CLI, network, Membrane account) are coherent with that purpose.
Instruction Scope
Instructions tell the agent to install and run the Membrane CLI and to authenticate via browser; they do not instruct reading unrelated files or environment variables. They do, however, route SonarQube API calls through Membrane — meaning request/response data and credentials are handled by Membrane's servers. That is expected for this integration but is a privacy/trust consideration.
Install Mechanism
No install spec in registry metadata, but SKILL.md instructs an npm global install (npm install -g @membranehq/cli). Installing a global npm package is a standard approach for CLIs but writes files to disk and requires trust in the package/publisher. This is a moderate-risk install method but proportionate to the stated functionality.
Credentials
The skill declares no required environment variables, no config paths, and the instructions explicitly advise against asking users for API keys. There are no unexplained credential requests.
Persistence & Privilege
Skill is instruction-only, does not request always:true, and does not ask to modify other skills or system-wide settings. The default autonomous invocation setting is unchanged.
Assessment
This skill is an instructions-only SonarQube integration that relies on the Membrane CLI and your Membrane account. Before installing or using it: 1) Confirm you trust the @membranehq npm package and its publisher (check the package page and GitHub repo), since a global npm install will place executables on your system. 2) Understand that Membrane will proxy API calls and hold connection credentials server-side — don't use it with SonarQube instances or data you don't want routed through an external service. 3) Review the Membrane CLI source or privacy/security docs if you need assurance about how credentials and data are handled. Otherwise, the skill's requests and instructions are proportionate to its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk979y0da9fym241yrgg5ervmz184fah9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.