muapi-platform
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to do what it says, but users should notice that it handles a MuAPI API key and relies on an external MuAPI CLI that is not declared in metadata.
This looks like a straightforward MuAPI utility skill. Before installing or using it, make sure the `muapi` CLI on your system is legitimate, and only provide a MuAPI API key you are comfortable storing locally for this purpose.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill may store a MuAPI account credential on the local machine.
The setup helper accepts and saves a MuAPI API key through the MuAPI CLI. This is purpose-aligned, but it grants account access and persists credentials locally.
MUAPI_API_KEY="$2" muapi auth configure --api-key "$2"
Use an intended, least-privileged MuAPI key if possible, avoid sharing command history or logs containing the key, and rotate the key if it may have been exposed.
If a wrong or untrusted `muapi` command is installed on the system, the helper scripts would run that command.
The scripts depend on an external `muapi` binary, while the registry metadata declares no required binaries or install source. This is not suspicious by itself, but users need to verify the CLI provenance.
muapi auth configure ... muapi auth whoami
Install the MuAPI CLI only from the official MuAPI source and confirm which `muapi` binary is on the PATH before using the scripts.