ClawHub

Thinq

v1.0.2

ThinQ integration. Manage data, records, and automate workflows. Use when the user wants to interact with ThinQ data.

0· 101·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim ThinQ integration and the SKILL.md exclusively instructs use of the Membrane CLI to connect to ThinQ, discover actions, run actions, and proxy requests. No unrelated credentials, binaries, or config paths are requested—requirements are proportional to the stated purpose.
Instruction Scope
Instructions stay within the expected scope (install Membrane CLI, login, create connection, run actions, or proxy requests). One operational note: proxying sends requests through Membrane's service, so API calls and payloads transit Membrane servers — this is expected but a privacy/data-flow consideration for users.
Install Mechanism
There is no embedded install spec in the skill; the SKILL.md recommends installing @membranehq/cli from npm (a public registry). That is a reasonable, expected instruction for this integration, but installing global npm packages carries the usual supply-chain risks and users should verify package provenance/version.
Credentials
The skill declares no environment variables, no primary credential, and no config paths. The SKILL.md explicitly directs users to create a connection via Membrane (browser OAuth flow) instead of providing API keys locally, which is proportionate to the goal.
Persistence & Privilege
The skill is instruction-only, does not request always:true, and does not modify other skills or system-wide settings. It does not ask for permanent agent privileges.
Assessment
This skill is coherent and uses the Membrane CLI to access ThinQ; it does not request local secrets. Before installing/using: (1) review the @membranehq/cli npm package (author, version, and repository) or prefer npx to avoid a global install; (2) understand that proxying API calls will route request payloads through Membrane's servers—review their privacy/security documentation and terms if you will send sensitive data; (3) complete the browser OAuth flow only on trusted machines and do not paste unrelated secrets into terminal prompts; (4) if you require fully self-hosted or auditable access, consider using ThinQ's API directly instead of a third-party proxy.

Like a lobster shell, security has layers — review code before you run it.

latestvk979yk4ccgaqjqx4m9q6x35e4s843gsr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments