Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Folk
v1.0.0
Folk integration. Manage data, records, and automate workflows. Use when the user wants to interact with Folk data.
by Vlad Ursul (@gora050)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Folk integration) aligns with the actions described (using Membrane to run actions and proxy requests to the Folk API). Minor inconsistency: the registry metadata lists no required binaries, yet the SKILL.md explicitly instructs installing the @membranehq/cli so the agent can run the `membrane` command. That missing declaration is a metadata omission but does not indicate malicious intent.
Instruction Scope
SKILL.md only instructs use of the Membrane CLI (login, connect, action list/run, and proxy requests). It does not direct reading arbitrary local files, environment variables, or posting data to endpoints outside Membrane/Folk. The instructions explicitly recommend not asking users for API keys (Membrane handles auth).
Install Mechanism
There is no automated install spec in the registry; SKILL.md tells the user to run `npm install -g @membranehq/cli`. Installing an npm CLI globally will execute code on the host and modify PATH—this is expected for a CLI-based integration but is something to be cautious about. The package is referenced by an npm-style name (not a raw URL), which is lower risk than arbitrary downloads, but you should verify the package's publisher/registry before installing.
Credentials
No environment variables or local credentials are requested. Auth is delegated to Membrane via an interactive login flow, which is proportionate for a CRM integration. There are no asks for unrelated secrets or broad environment access.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modifications to other skills. It relies on the normal autonomous-invocation default (disable-model-invocation=false), which is expected for integrations and not flagged by itself.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to access Folk and does not request unrelated secrets. Before installing or running it:
1) Verify the Membrane CLI package (@membranehq/cli) on npm (publisher, download count, repo) and prefer running it via npx or in a sandbox/container instead of a global `-g` install to limit exposure.
2) Be aware that using the skill causes network calls to Membrane and (via Membrane) to Folk—you are granting Membrane access to the data you connect.
3) Note the registry metadata omission: the SKILL.md expects the `membrane` binary but the skill metadata didn't list it as required; this is likely an oversight but confirm the CLI is available in your environment.
4) If you need higher assurance, ask the skill author for a link to the exact Membrane CLI release and the repository/package checksum, or run the CLI only in an isolated environment.
Like a lobster shell, security has layers — review code before you run it.
