Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Businesslogic
v1.0.0
BusinessLogic integration. Manage data, records, and automate workflows. Use when the user wants to interact with BusinessLogic data.
by Vlad Ursul (@gora050)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is described as a BusinessLogic/Membrane integration but the registry metadata lists no required credentials or primaryEnv while the SKILL.md header explicitly says a valid Membrane account is required. The homepage (getmembrane.com), repository (membranedev), and the 'official docs' link (businesslogic.com) do not consistently match the declared source, creating ambiguity about the integration's true backend.
Instruction Scope
This is an instruction-only skill whose runtime file claims network access and a Membrane account but does not specify concrete auth flows, env var names, endpoints, or exact API calls. The SKILL.md also includes large blocks of irrelevant/filler content (lists of entities, unrelated words), making the actionable instructions unclear and granting broad discretion to an agent if followed verbatim.
Install Mechanism
No install spec and no code files are present, so nothing will be written to disk or automatically installed. That lowers installation risk.
Credentials
The SKILL.md states a Membrane account is required but requires.env is empty and no 'primary credential' is declared. This mismatch leaves open how credentials are supplied (interactive prompt, pasted token, or undocumented env vars) and is disproportionate to the metadata provided.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request persistent system-wide privileges or configuration changes in the manifest.
What to consider before installing
Do not install or grant credentials yet. Ask the skill author to: (1) state exactly which credentials or env variables are required (names and scopes), (2) show the concrete API endpoints and auth flow it will use, and (3) confirm the canonical homepage/repository for the skill. Inspect the full SKILL.md to verify there are no hidden commands or external endpoints. Prefer providing a least-privilege test account (or sandbox) if you want to try it, and avoid pasting or storing full admin API tokens until the above is clarified. If the author cannot clearly document these points, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
