ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cisco Webex

v1.0.2

Cisco Webex integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cisco Webex data.

0· 108·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: the skill is a Cisco Webex integration implemented via the Membrane CLI and requires a Membrane account and network access. Requested artifacts (membrane CLI and a Membrane connection) are proportional to the stated purpose.
Instruction Scope
SKILL.md limits actions to installing the Membrane CLI, logging in, creating/using a Webex connection, running pre-built actions, or proxying raw Webex API requests through Membrane. It does not instruct the agent to read unrelated system files, environment variables, or exfiltrate local data.
Install Mechanism
The skill instructs the user to run a global npm install (npm install -g @membranehq/cli). This is a common distribution method but does modify the system PATH and can require elevated privileges; users should verify the package and author before installing globally.
Credentials
No environment variables, config paths, or credentials are required by the skill. The docs explicitly state Membrane manages credentials server-side and warn not to ask users for API keys, which is proportionate to the integration's design.
Persistence & Privilege
The skill is not always-enabled and has default invocation settings. It does not request any special persistent system presence or modify other skills' configs.
Assessment
This skill is instruction-only and appears coherent, but before installing or using it: (1) verify that @membranehq/cli is the official package you intend to install (npm packages run code on your machine and global installs change PATH); (2) understand that using Membrane's proxy means API calls and some Webex data (requests/responses) will flow through Membrane's service—confirm their privacy/security policy meets your requirements; (3) review the OAuth consent screens and permissions during the Membrane login/connector flow so you know what Webex scopes the connector obtains; and (4) if you require stricter controls, consider using scoped installs or running the CLI in an isolated environment rather than a global install.

Like a lobster shell, security has layers — review code before you run it.

latestvk970pwfn9cxwj8trr67qg7x1pd843vsx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments