Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Adversus
v1.0.2
Adversus integration. Manage data, records, and automate workflows. Use when the user wants to interact with Adversus data.
by Vlad Ursul (@gora050)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name and description match the runtime instructions: the SKILL.md explicitly directs use of the Membrane CLI to connect to Adversus. No unrelated credentials, binaries, or paths are requested.
Instruction Scope
Instructions stay on-topic: they explain installing and using @membranehq/cli, logging in (interactive or headless), creating and listing connections, and using connector IDs. The instructions do not ask the agent to read arbitrary system files or unrelated environment variables.
Install Mechanism
Installation is a global npm package (npm install -g @membranehq/cli). This is expected for a CLI-based skill but carries the usual caveats of global npm installs (writes to system/global path, requires trust in the package/maintainer).
Credentials
The skill declares no required env vars or credentials and relies on Membrane's auth flows. That is proportional to the described behavior. There are no extraneous credential requests.
Persistence & Privilege
always is false and the skill is user-invocable. The skill does not request special privileges or modify other skills. Note that autonomous agent invocation (disable-model-invocation: false) is the platform default — combine this with normal caution about allowing an agent to run CLI commands.
Assessment
This skill is instruction-only and uses the Membrane CLI to interact with Adversus — that is internally consistent. Before installing, verify the @membranehq/cli package is the official Membrane release (check the package on npm and the repository linked in SKILL.md), and be aware a global npm install will place binaries on your system. The CLI handles authentication in a browser or headless flow: treat the login URL/code like a sensitive one-time secret and avoid pasting it where others can see. Also consider whether you want the agent to be allowed to run external CLI commands autonomously; if not, disable autonomous invocation or only enable the skill for explicit, manual use.
Like a lobster shell, security has layers — review code before you run it.
