ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Freedcamp

v1.0.2

Freedcamp integration. Manage Organizations. Use when the user wants to interact with Freedcamp data.

0· 114·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Freedcamp integration) align with the contents of SKILL.md: all instructions are about using Membrane to connect to Freedcamp and run actions. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md is narrowly scoped to running Membrane CLI commands, creating connections, listing actions, and optionally proxying Freedcamp API calls via Membrane. It does not instruct reading arbitrary files, accessing unrelated environment variables, or exfiltrating data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). It tells users to install the Membrane CLI via `npm install -g @membranehq/cli`, which is a reasonable, traceable installation method but does require installing a global npm package (permission/elevation and supply-chain considerations apply).
Credentials
The skill declares no required env vars or credentials and explicitly instructs not to ask users for API keys, instead relying on Membrane-managed connections. That is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and makes no requests to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but this does not combine with other red flags here.
Assessment
This skill appears coherent and only requires the Membrane CLI and a Membrane account. Before installing, confirm you trust the @membranehq/cli npm package (check the package's npm/GitHub pages, maintainers, and recent release history). Installing globally with npm may require elevated permissions; consider using a dedicated environment (container or VM) if you prefer to reduce risk. If you are concerned about supply-chain risk, review Membrane's docs or source before granting access to your Freedcamp account via their connector.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fyj86cnwtsvxqvtpjz99jt1842p4t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments