ClawHub

Spade

v1.0.0

Spade integration. Manage data, records, and automate workflows. Use when the user wants to interact with Spade data.

0· 56·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill describes interacting with Spade data and all instructions revolve around installing and using the Membrane CLI to connect and run Spade actions — this aligns with the stated purpose.
Instruction Scope
SKILL.md only instructs installing the Membrane CLI, performing login flows, creating connections, discovering actions, running actions, and proxying requests to Spade via Membrane. It does not instruct reading unrelated files, exfiltrating environment variables, or modifying system configuration.
Install Mechanism
The document directs users to install an npm package globally (npm install -g @membranehq/cli). That is a reasonable way to obtain a CLI but carries the usual supply-chain risks of installing third-party npm packages; the install is expected for this integration but users should verify the package source and trustworthiness before installing globally.
Credentials
No local environment variables or credentials are requested, which is proportionate. However, the integration delegates credential storage and auth to Membrane (server-side), so using the skill will grant Membrane access to the user's Spade account tokens — a legitimate design choice but a privacy/trust consideration for users.
Persistence & Privilege
The skill does not request always: true, does not require writing configuration, and is user-invocable. It does not request elevated or persistent system privileges.
Scan Findings in Context
[no-code-to-scan] expected: The regex scanner found nothing because this is an instruction-only skill (only SKILL.md present). This is expected; absence of findings is not proof of safety but is consistent with an instruction-only integration.
Assessment
This skill is coherent: it tells you to install the official Membrane CLI and use it to connect to Spade rather than asking for API keys locally. Before installing, verify the @membranehq/cli npm package and the Membrane service (homepage/repo) to ensure you trust them, and be aware that connecting will give Membrane access to your Spade account tokens. If you're cautious, install the CLI in a controlled environment (e.g., a container or VM), review the package repository, and confirm the login flow in a browser rather than providing credentials directly on the command line.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxdz3107ft5k3ezvc447t3184dgxf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments