ClawHub

Twist

v1.0.0

Twist integration. Manage data, records, and automate workflows. Use when the user wants to interact with Twist data.

0· 48·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Twist integration) match the SKILL.md: it instructs the agent/operator to use the Membrane CLI to connect to Twist, discover actions, run actions, or proxy API requests. Requested capabilities (network access, Membrane account) are expected for this integration.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to Twist. It does not instruct reading unrelated files, exfiltrating environment variables, or modifying system-level configs. Authentication is via browser-based Membrane flows; the doc explicitly advises not to ask users for API keys.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli`. That is a reasonable, traceable instruction (public npm package), but installing global npm packages carries typical supply-chain risks and will execute package install scripts on the host. The skill does not perform the install itself.
Credentials
The skill declares no required environment variables or credentials. It relies on a Membrane account/connection to manage Twist auth, which is proportionate for a proxy/connector-based integration.
Persistence & Privilege
always is false and the skill is user-invocable. There is no instruction to modify other skills or system-wide agent settings. No abnormal persistence or privilege escalation is requested.
Assessment
This skill appears coherent: it uses Membrane (a third-party CLI/proxy) to talk to Twist and asks you to sign in via browser-based flows. Before installing/using it: (1) verify you trust the @membranehq/cli npm package and its publisher (supply-chain risk from global npm installs); (2) understand that requests to Twist will be proxied through Membrane — review their privacy/security and what data they retain; (3) during the Membrane connect flow you will grant access to Twist data — confirm the permissions requested are appropriate; (4) the skill itself is instruction-only and won’t run code automatically, so risky actions require you to run the CLI commands. If you need stronger assurance, inspect the Membrane CLI source or use a controlled environment to perform initial tests.

Like a lobster shell, security has layers — review code before you run it.

latestvk978mjch6wnyp550srhf785kws84e05w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments