ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Easysendy

v1.0.2

EasySendy integration. Manage Users, Organizations, Goals, Filters. Use when the user wants to interact with EasySendy data.

0· 97·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (EasySendy integration to manage subscribers, lists, etc.) align with the runtime instructions which describe using the Membrane CLI to connect to EasySendy and run actions or proxy requests. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md only instructs use of Membrane CLI commands (login, connect, action run, request proxy). It requires network access and a Membrane account, and does not direct reading of unrelated files, system paths, or asking for arbitrary secrets. It does rely on browser-based auth flow for login as documented.
Install Mechanism
No install spec embedded in the registry (instruction-only). It recommends installing @membranehq/cli via `npm install -g`, which is a normal distribution method but does modify a system-wide npm global. Users should verify the package and publisher before installing.
Credentials
The skill declares no required environment variables or primary credentials and explicitly instructs to let Membrane handle credentials. The requested capabilities are proportional to the described integration.
Persistence & Privilege
always is false and the skill does not request persistent system-wide configuration or elevated privileges. It does rely on Membrane's server-side connections for auth; autonomous invocation is enabled by default but is not combined with other concerning permissions.
Assessment
This skill is consistent and instruction-only: it tells the agent to use the Membrane CLI to connect to EasySendy rather than asking you for API keys locally. Before installing or running commands, verify the @membranehq/cli npm package and its publisher (to avoid installing a malicious global package), confirm the Membrane homepage and OAuth redirect pages look legitimate during login, and ensure you are comfortable with Membrane managing the EasySendy credentials server-side. If you prefer, you can avoid global installs by using a controlled environment (container or isolated VM) or by installing the CLI locally for your user account.

Like a lobster shell, security has layers — review code before you run it.

latestvk97879eqssq38ep1xw698a4hhd843djr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments