ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Accuranker

v1.0.2

Accuranker integration. Manage data, records, and automate workflows. Use when the user wants to interact with Accuranker data.

0· 88·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Accuranker integration) matches the instructions: all actions are performed via the Membrane CLI which proxies to the Accuranker API. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md stays on topic: it instructs installing and using the Membrane CLI, creating a Membrane connection to Accuranker, listing/running actions, and using Membrane's proxy for raw API calls. It does not instruct reading local files, accessing unrelated env vars, or exfiltrating data.
Install Mechanism
There is no automated install spec in the registry, but the instructions ask the user to run `npm install -g @membranehq/cli`. Installing a global npm package is a reasonable way to obtain the CLI but carries the usual supply-chain and privilege risks (global npm install modifies system PATH). Verify the package and publisher before installing.
Credentials
The skill declares no required environment variables or credentials and the docs explicitly say Membrane handles auth server-side. That aligns with the stated purpose and avoids asking for unrelated secrets.
Persistence & Privilege
The skill is instruction-only (no code written to disk by the registry) and does not request always:true or other elevated platform privileges. It relies on the user running the Membrane CLI; autonomous invocation is disabled only by platform settings, not the skill itself.
Assessment
This skill is coherent but depends on the third‑party Membrane service and its CLI. Before installing or running commands: (1) verify the @membranehq/cli package and publisher on npm and the linked repository; (2) understand that `membrane login` will grant Membrane access to Accuranker on your behalf—only proceed if you trust Membrane to manage those credentials; (3) prefer installing the CLI in a controlled environment (or use a container/virtual environment rather than a global npm install) per your org policy; (4) review the connector permissions in the browser auth flow and use least-privileged accounts when possible.

Like a lobster shell, security has layers — review code before you run it.

latestvk973fm6gr7v7xjtm1ypjb3mb3s843f71

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments