Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ifttt
v1.0.2
IFTTT integration. Manage Applets, Services, Users. Use when the user wants to interact with IFTTT data.
by Vlad Ursul @gora050
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the instructions: the SKILL.md consistently instructs using the Membrane CLI to manage IFTTT applets, services, actions, and proxy requests to IFTTT. The required capability (network access and a Membrane account) is consistent with the stated purpose.
Instruction Scope
Instructions are focused on running the Membrane CLI to authenticate, list connections, run actions, and proxy arbitrary HTTP requests to IFTTT. They do not ask to read unrelated files or environment variables. Note: the skill suggests credentials are stored at ~/.membrane/credentials.json (sensitive local file) and allows proxying full URLs — both are relevant security concerns even if functionally justified.
Install Mechanism
No install spec in the registry, but the runtime instructions use `npx @membranehq/cli@latest`, which will fetch and execute code from the public npm registry at runtime. Using an unpinned `@latest` install increases supply-chain risk. This dynamic fetch is the primary install vector and should be treated as a moderate-risk action.
Credentials
The registry lists no required environment variables, and the skill doesn't request unrelated credentials. However, the SKILL.md requires a Membrane account and implies local credential storage (~/.membrane/credentials.json) but does not declare this as a primaryEnv in metadata — a minor mismatch that reduces transparency. The ability to proxy arbitrary requests could be used to access or exfiltrate data if misused.
Persistence & Privilege
The skill is not always-on and is user-invocable (defaults). It doesn't request modification of other skills or system-wide settings. Note: since model invocation is enabled (default), an agent could autonomously run the CLI commands; combined with the npx fetch and proxy capability, this increases blast radius if the skill or the fetched CLI were malicious.
What to consider before installing
This skill appears to do what it says: it uses Membrane to work with IFTTT. Before installing, consider the following: (1) the instructions run `npx @membranehq/cli@latest` which will download and execute code from npm each time — prefer a pinned version or review the CLI code first; (2) the CLI stores credentials in ~/.membrane/credentials.json — ensure you are comfortable with that local storage and where those credentials are used; (3) the skill lets you proxy arbitrary URLs via Membrane, which is powerful but could be misused to access internal services or exfiltrate data, so restrict usage and review requests carefully; (4) the skill registry lists no homepage or source — if possible, verify the publisher/owner and inspect the Membrane CLI project and policies before granting access. If you need lower risk, ask for a version-pinned install or run commands in an isolated environment (sandbox/VM) and review logs for unexpected requests.
Like a lobster shell, security has layers — review code before you run it.
latest vk97f40x29vf6kzd6qagtd5pzgx842hdz
