ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Falcosecurity

v1.0.0

Falcosecurity integration. Manage data, records, and automate workflows. Use when the user wants to interact with Falcosecurity data.

0· 25·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Falcosecurity integration) align with the instructions: using the Membrane CLI to connect, list actions, run actions, and proxy API requests to Falco. Required capabilities (network and a Membrane account) are appropriate for this purpose.
Instruction Scope
Instructions stay within the stated purpose (discover/connect to Falco via Membrane and run actions). They explicitly allow arbitrary proxied requests to the Falco API through Membrane — which is expected for a proxy-style integration but means Membrane will see/request whatever API paths you send. Instructions do not ask the agent to read local files or unrelated environment variables.
Install Mechanism
No install spec in registry metadata, but SKILL.md instructs users to run `npm install -g @membranehq/cli`. Global npm installs execute third-party code and modify the environment; this is common for CLIs but carries the usual supply-chain/execution risk. Consider using npx or reviewing the package before installing.
Credentials
The skill declares no required environment variables or credentials. Authentication is handled by Membrane via browser flows and managed connections; this is proportionate for the described proxy/integration role. Note: trusting Membrane with API access is a policy/privacy decision for the user/organization.
Persistence & Privilege
The skill is instruction-only, has no install artifacts, and is not marked always:true. It does not request persistent modification of other skills or system-wide settings.
Assessment
This skill is coherent: it uses the Membrane CLI to connect to Falcosecurity and does not request unrelated secrets. Before using it, consider: (1) you will need to install/run a third-party CLI via npm (global install executes code from the npm package—use npx or inspect the package if you prefer); (2) Membrane will proxy requests and manage credentials, so Membrane's servers/operators will have access to whatever Falco API endpoints/records you query—review Membrane's privacy/security posture and policies; (3) the skill itself does not auto-install or request env vars, so nothing runs until you invoke the CLI or follow the SKILL.md steps; (4) if you operate in a high-security environment, validate that proxying through a third party meets your compliance requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk9717merzdwbhgx2ta01neqhch844gfr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments