ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Azure Devops

v1.0.0

Azure DevOps integration. Manage data, records, and automate workflows. Use when the user wants to interact with Azure DevOps data.

0· 23·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the runtime instructions (it uses Membrane to talk to Azure DevOps). However, the registry metadata claims no required binaries or env vars while the SKILL.md explicitly instructs installing and using the @membranehq/cli (npm -g). That metadata/instruction mismatch is unexpected.
Instruction Scope
SKILL.md confines itself to Azure DevOps tasks via the Membrane CLI (login, create connections, list/run actions, proxy requests). It does not instruct reading unrelated files or harvesting local environment data. It does, however, direct arbitrary proxied API requests through Membrane, which means any proxied request/response (including sensitive project data) will flow through the Membrane service — expected for a proxy but important to note.
!
Install Mechanism
There is no formal install spec in the registry; the skill tells the user to install an npm global package (@membranehq/cli). Installing global npm packages runs remote code on your machine and is a supply-chain risk. The absence of an install spec in metadata (and no pinned package version) increases uncertainty about exactly what will be installed.
Credentials
The skill declares no required env vars or primary credential, relying on Membrane-managed authentication. This is proportionate for a proxy-based integration, but it means you must trust Membrane with Azure DevOps credentials and data since auth and proxying occur server-side.
Persistence & Privilege
The skill is instruction-only, has no install hooks in the registry, and is not always-enabled. It does not request persistent system privileges via metadata. Autonomous invocation is enabled (default), which is normal — not flagged alone.
What to consider before installing
Before installing or using this skill, consider the following: - Metadata mismatch: the registry says "no required binaries" but SKILL.md tells you to install @membranehq/cli via npm -g. Verify the publisher and why install requirements aren't reflected in the registry. - Trust boundary: Membrane acts as a server-side proxy and manages auth; using this skill will route your Azure DevOps requests and credentials through Membrane's services. Only proceed if you trust Membrane's operator and privacy/security practices. - Supply-chain risk: installing a global npm package executes third-party code on your machine. Review the @membranehq/cli package source (or the referenced GitHub repo), prefer pinned versions, and avoid installing global packages on sensitive/production hosts without review. - Least privilege: if you must use this, create an Azure DevOps connection/account with minimal permissions and audit what the Membrane connection can access. - Verification steps: check the homepage and the GitHub repository referenced in SKILL.md to confirm the package and CLI are legitimate; confirm the npm package name and maintainer; prefer installing locally or using a container rather than a system-wide global install. Given the inconsistency and the need to trust an external proxy, treat this skill as "suspicious" until you verify the publisher, the CLI package contents, and the privacy/security posture of Membrane.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qbhp892ebcdsrqgnpk6mjn847xc3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments