← Back to Skills Marketplace
gora050

Threat Stack

by Vlad Ursul · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
137
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install threat-stack
Description
Threat Stack integration. Manage data, records, and automate workflows. Use when the user wants to interact with Threat Stack data.
Usage Guidance
This skill appears to do what it claims: it uses Membrane to connect to Threat Stack and run actions. Before installing/use: 1) Verify you trust Membrane (getmembrane.com) and review their privacy/security docs because Membrane will hold credentials and act on your behalf. 2) Inspect the npm package @membranehq/cli on npm/github and prefer running via npx or pin a specific version rather than `@latest`. 3) Limit the connector's permissions in Threat Stack to the minimum needed and audit connections. 4) Confirm organizational policy on third-party credential brokers if you are using corporate accounts. If you want more assurance, ask the skill author/source for provenance (who published this skill) and for a checksum or pinned CLI version.
Capability Analysis
Type: OpenClaw Skill Name: threat-stack Version: 1.0.3 The skill facilitates integration with Threat Stack via a third-party middleware platform (Membrane). It requires high-risk actions including the global installation of an external npm package (@membranehq/cli) and the dynamic creation/execution of actions via a remote service (membrane action create/run). While these capabilities are aligned with the stated purpose of the integration, the reliance on a third-party CLI and remote code generation constitutes a significant attack surface and potential for remote execution (SKILL.md).
Capability Assessment
Purpose & Capability
The name and description (Threat Stack integration) match the instructions: the SKILL.md tells the agent to use the Membrane CLI to create a connection to Threat Stack, discover and run actions. The required tools and steps (membrane connect, action list/run) are proportionate to a connector skill.
Instruction Scope
All runtime instructions stay within the stated purpose: install Membrane CLI, log in, create a connector, discover and run actions. The SKILL.md does not instruct the agent to read unrelated local files, request unrelated env vars, or exfiltrate data to unexpected endpoints. It does use browser/headless login flows for authentication as expected for a connector.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli@latest` (or use npx in examples). Installing a global npm package is a normal way to get a CLI, but it does install third-party code on the system and uses `@latest` (unpinned). Consider verifying the package on the npm registry, pinning a known-good version, or using npx/containerized execution to reduce risk.
Credentials
The skill declares no required env vars or credentials and explicitly instructs not to ask the user for API keys, instead delegating auth to Membrane. That is consistent with its design. Note: delegating auth to a third party centralizes access — ensure you trust Membrane and understand the scope of the connector's permissions in your Threat Stack account.
Persistence & Privilege
The skill does not request permanent presence (always: false). It does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) and is not a special concern here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install threat-stack
  3. After installation, invoke the skill by name or use /threat-stack
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Auto sync from membranedev/application-skills
v1.0.2
Revert refresh marker
v1.0.1
Refresh update marker
v1.0.0
Auto sync from membranedev/application-skills
Metadata
Slug threat-stack
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Threat Stack?

Threat Stack integration. Manage data, records, and automate workflows. Use when the user wants to interact with Threat Stack data. It is an AI Agent Skill for Claude Code / OpenClaw, with 137 downloads so far.

How do I install Threat Stack?

Run "/install threat-stack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Threat Stack free?

Yes, Threat Stack is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Threat Stack support?

Threat Stack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Threat Stack?

It is built and maintained by Vlad Ursul (@gora050); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments