ClawHub

Exabeam

v1.0.2

Exabeam integration. Manage data, records, and automate workflows. Use when the user wants to interact with Exabeam data.

0· 108·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Exabeam integration) match the instructions: all actions are routed through Membrane to interact with Exabeam. The homepage/repository references Membrane (the integration proxy) which is consistent with the skill's approach.
Instruction Scope
SKILL.md only instructs installing/using the Membrane CLI, logging in (browser OAuth), listing/creating connections, running actions, and proxied requests to Exabeam. It does not ask the agent to read unrelated files, exfiltrate env vars, or contact unexpected endpoints beyond Membrane/Exabeam.
Install Mechanism
This is an instruction-only skill that tells users to install @membranehq/cli via npm (-g) or use npx. That's a reasonable, common approach, but installing a global npm package requires trusting that third-party package (verify package identity/signature and prefer pinned versions in sensitive environments).
Credentials
The skill declares no required environment variables or credentials and relies on Membrane's OAuth-based login flow. This is proportional to its purpose; Membrane will manage the Exabeam credentials rather than asking for raw API keys.
Persistence & Privilege
No install artifacts or persistent privileges are requested by the skill metadata (always:false, no install spec). Autonomous invocation (default) is allowed but not unusual; the skill does not request elevated or system-wide modifications.
Assessment
This skill delegates all Exabeam interaction to the Membrane CLI. Before using: (1) Verify you trust @membranehq/cli (check the npm package page and the upstream repo), and prefer installing a pinned version rather than always using @latest in production; (2) Understand that authentication is via browser OAuth and Membrane will hold API credentials — confirm Membrane's privacy/security posture for your environment; (3) Global npm installs require appropriate permissions — consider using npx or a per-project install if you cannot or do not want global binaries; (4) If you operate in a high-security environment, review Membrane's network endpoints and connector scopes before granting access. Overall the skill is coherent with its stated purpose, but it relies on trusting the Membrane CLI as an intermediary.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ehs8bsafshp0v9mw0kc456s842fjn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments