Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gist

v1.0.2

Gist integration. Manage Organizations. Use when the user wants to interact with Gist data.

by Vlad Ursul @gora050
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill name/description say 'Gist' (which normally implies GitHub Gists), but the SKILL.md lists actions like list-contacts, list-conversations, campaigns, tags, segments — concepts unrelated to GitHub Gists. The homepage and instructions point to Membrane (a generic API proxy) rather than GitHub Gist specifically. This incoherence between claimed purpose and actual described capabilities is the primary red flag.
Instruction Scope
The skill is instruction-only: its runtime instructions tell the agent to install and use the Membrane CLI, log in via browser, create connections, list and run actions, and proxy requests to an API via Membrane. Those instructions do not request arbitrary local files or environment variables, but they assume the user will grant Membrane account access and run a global npm install. The instructions themselves are reasonably scoped, but they don't resolve the mismatch about which upstream service (GitHub Gist vs some workspace/contact service) is being controlled.
Install Mechanism
There is no formal install spec in the registry; the SKILL.md instructs the user to run `npm install -g @membranehq/cli`. Asking users to install a global npm CLI is not unusual but is a non-trivial side-effect (writes to disk, adds a global binary). The instruction references an npm package from a named organization — inspect that package before installing and prefer ephemeral/sandboxed environments if unsure.
Credentials
The skill declares no required environment variables or credentials and advises letting Membrane handle auth in-browser. That is proportionate. However, using the skill requires giving Membrane account access to whichever upstream service is connected; users should verify what data Membrane will see and how it will be stored/handled.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and allows autonomous invocation (the platform default). Nothing in the manifest indicates it will modify other skills or system-wide settings.
What to consider before installing
This skill appears to be an adapter for the Membrane CLI, but its name and action list don't match GitHub Gist behavior, so verify what 'Gist' means here before installing. Ask the publisher which upstream service is actually targeted (GitHub Gists vs a separate 'Gist' workspace product). If you proceed:
(1) inspect the npm package @membranehq/cli on the official registry and the repository linked in the SKILL.md;
(2) avoid installing global packages on production machines; use a sandbox or container;
(3) confirm what account permissions you will grant to Membrane and whether giving Membrane access to your data is acceptable;
(4) test actions with least-privilege or on test accounts first.
If the mismatch is unexplained, treat the skill as untrusted.
