Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Element
v1.0.2
Element integration. Manage data, records, and automate workflows. Use when the user wants to interact with Element data.
by Vlad Ursul @gora050
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (Element integration) aligns with the runtime instructions (use Membrane to connect to Element and run actions). However, the metadata declares no required binaries while the instructions explicitly require the Membrane CLI (and npm/npx) — a coherence gap between claimed requirements and actual runtime needs.
Instruction Scope
SKILL.md gives precise CLI workflows for discovering connections/actions, running actions, and proxying arbitrary Element API requests through Membrane. That scope is consistent with an integration skill, but the 'request/proxy' capability allows arbitrary API calls to the user’s Element tenant via the connector, so the agent (if it runs these commands) could read or modify any data accessible through that connection.
Install Mechanism
There is no formal install spec in the registry entry, yet the instructions ask the user/agent to run `npm install -g @membranehq/cli` and use `npx @membranehq/cli@latest`. Installing an npm package globally or executing an unpinned `@latest` via npx can run arbitrary code from the registry — a moderate risk. The registry metadata should have declared required binaries and/or an install spec; its absence is a red flag.
Credentials
The skill does not request environment variables, files, or credentials in metadata. SKILL.md explicitly advises letting Membrane handle credentials and not asking users for API keys. There is no evidence the skill needs unrelated secrets.
Persistence & Privilege
always is false, no config paths are requested, and there is no indication the skill modifies other skills or system-wide settings. Autonomous invocation is allowed (platform default); combine this with the ability to run CLI commands if you want stricter control.
What to consider before installing
This instruction-only skill appears to do what it says (use Membrane to access Element), but metadata omits required binaries while the docs instruct installing and running the Membrane CLI via npm/npx. Before you install or let an agent run this skill:
1) Verify @membranehq/cli is legitimate (check the npm page, GitHub repo, and getmembrane.com) and prefer pinned versions rather than `@latest`;
2) Avoid global npm installs on sensitive machines — consider running in an isolated/container environment;
3) Understand that connecting via Membrane grants the connector access to anything your Element account permits, and the skill's proxy command can run arbitrary API calls;
4) If you want stricter control, ask for the registry metadata to be updated to list required binaries and an install spec, or disable autonomous invocation so a human reviews/approves CLI commands.
If you provide the skill's repository URL or a verified owner, I can re-evaluate and may raise confidence.
Like a lobster shell, security has layers — review code before you run it.
