Happyfox Chat
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: happyfox-chat
Version: 1.0.4
The skill bundle provides instructions for an AI agent to integrate with HappyFox Chat via the Membrane CLI. It outlines standard procedures for authentication, connection management, and executing API actions (e.g., retrieving chat transcripts or agent profiles) through the Membrane platform. The instructions in SKILL.md and metadata in _meta.json do not contain any evidence of malicious intent, data exfiltration, or suspicious obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs a create, update, delete, ban, integration, or billing-related action, it could change HappyFox Chat account data.
The skill uses a generic action runner for the HappyFox Chat connection. This is appropriate for an integration, but broad action execution can include account-changing operations if the selected action is mutating.
Use action names and parameters as needed. ... membrane action run <actionId> --connectionId=CONNECTION_ID --input '{"key": "value"}' --json
Confirm the exact action and input before running state-changing operations, and prefer read-only actions unless the user clearly requested a change.
The connected Membrane/HappyFox account may allow the agent to read or modify support data depending on granted permissions.
The skill requires delegated authentication through Membrane to access HappyFox Chat. This is expected for the integration, but it means account credentials or tokens are part of the workflow.
Requires network access and a valid Membrane account ... Membrane handles authentication and credentials refresh automatically
Use a dedicated or least-privileged HappyFox/Membrane account when possible, and disconnect the integration when it is no longer needed.
The behavior of the integration depends on the currently published Membrane CLI package at install time.
The setup relies on a globally installed npm package requested at the latest version. This is a normal user-directed setup step, but the exact code version is not fixed by the skill artifact.
npm install -g @membranehq/cli@latest
Install the CLI from the official package source, consider pinning a known-good version, and review npm package provenance in sensitive environments.
Customer chat transcripts and visitor details could enter the agent context or be shown in outputs.
The documented actions can retrieve visitor records and chat transcripts, which may contain customer or business-sensitive information and are accessed through the Membrane integration path.
List Visitors - Retrieve all visitors who have interacted with the chat widget ... Get Transcript - Retrieve a specific chat transcript by its ID
Avoid broad transcript or visitor exports unless needed, and redact sensitive customer information before sharing outputs.
