ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cascade Strategy

v1.0.2

Cascade Strategy integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cascade Strategy data.

0· 86·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state it's a Cascade Strategy integration and the instructions exclusively describe using the Membrane CLI to discover and run Cascade-specific actions and API requests — the requested capabilities match the purpose.
Instruction Scope
SKILL.md instructs the agent/user to install and use the Membrane CLI, create connections, run actions, and proxy arbitrary API requests via Membrane. This is within the integration's scope, but the proxy feature allows arbitrary requests to the Cascade API (read/write), so callers should be aware the skill can be used to fetch or modify any accessible Cascade data.
Install Mechanism
No formal install spec is provided in the registry (instruction-only), but the doc tells users to run `npm install -g @membranehq/cli`. Installing a public npm CLI globally is a reasonable mechanism for this skill but has the usual trust and system-modification considerations with global npm installs.
Credentials
The skill does not request environment variables, credentials, or config paths. It relies on Membrane to manage credentials and browser-based login, which is proportionate for a connector-style integration.
Persistence & Privilege
The skill is instruction-only, has no install that writes files on behalf of the platform, does not set always:true, and does not request elevated or cross-skill config access.
Assessment
This skill is coherent for interacting with Cascade Strategy via the Membrane CLI. Before installing or enabling it: (1) verify you trust the @membranehq/cli package (check the npm page and the GitHub repo referenced in the doc), (2) be aware you will need to complete a browser-based login that grants Membrane access to your Cascade data, and (3) understand that the skill (via Membrane's proxy) can run arbitrary GET/POST/PUT/etc. requests against Cascade APIs — so grant the minimum privileges you need and restrict autonomous agent invocation if you don't want it to read or modify production data without explicit approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk978h8jmnybndmbx4v972c137s843pvv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments