ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bugsnag

v1.0.2

Bugsnag integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bugsnag data.

0· 113·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Bugsnag integration) match the instructions: the skill instructs the agent to use the Membrane CLI to create connections, list/run actions, and proxy requests to Bugsnag. Using a CLI that manages connectors is appropriate for this purpose.
Instruction Scope
SKILL.md confines the agent to installing/using the Membrane CLI, running login flows, creating connections, listing and running actions, and proxying requests to the Bugsnag API. It does not instruct reading unrelated local files, harvesting other credentials, or sending data to unexpected endpoints. The guidance to prefer Membrane and not ask users for API keys is explicit.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users/agents to run `npm install -g @membranehq/cli`. Installing a public npm CLI is a common and reasonable step, but it does introduce the usual npm install risks (execute code from the registry). There are no downloads from untrusted URLs or extract steps in the skill itself.
Credentials
The skill declares no required env vars or credentials and explicitly recommends using Membrane-managed connections instead of asking for API keys. No unrelated secrets or config paths are requested.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system configs. It is user-invocable and allows normal autonomous invocation (platform default).
Assessment
This skill appears coherent: it expects you to install and use the Membrane CLI to connect to Bugsnag and delegates auth to Membrane. Before installing, verify that you trust the @membranehq/cli package on npm (check the package page, publisher, and version history) because the SKILL.md directs a global npm install. Also confirm you trust Membrane as the OAuth/auth broker for your Bugsnag account (the connector opens a browser login). If you're in a locked-down or high-security environment, avoid global npm installs or run the CLI in an isolated environment. Finally, the skill does not ask for extra credentials or read unrelated files; if you see prompts later requesting unrelated secrets, treat that as suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bsyc9fc6f6agh1my4rk7tbs8439c7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments