ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Klaxoon

v1.0.2

Klaxoon integration. Manage Users, Organizations, Filters. Use when the user wants to interact with Klaxoon data.

0· 98·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description say it integrates with Klaxoon and the SKILL.md instructs using the Membrane CLI to connect, list actions, run actions, and proxy requests to Klaxoon—these requirements are appropriate for that purpose.
Instruction Scope
Runtime instructions are limited to using the Membrane CLI, opening browser-based auth flows, listing and running actions, and proxying requests to Klaxoon via Membrane. The instructions do not ask the agent to read unrelated files, environment variables, or system configuration.
Install Mechanism
No install spec in the skill bundle (instruction-only). The SKILL.md recommends installing @membranehq/cli globally via npm (-g). This is expected for a CLI-based integration but installing global npm packages modifies the host environment and depends on trusting the Membrane CLI package and its upstream source.
Credentials
The skill declares no required environment variables or credentials; it relies on Membrane to handle auth. This is proportionate to the stated function and avoids direct credential requests.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by platform default and not combined with other concerning privileges here.
Assessment
This skill appears coherent: it delegates Klaxoon access to the Membrane CLI rather than asking for raw API keys. Before installing or using it, verify you trust the Membrane CLI package and its publisher (npm package @membranehq/cli and the referenced repository/homepage), because installing a global npm package grants that CLI code the ability to run on your machine. Be prepared to complete browser-based authentication for Membrane and confirm what Klaxoon scopes/permissions the connector requests. If you need higher assurance, review Membrane's privacy/security docs and the CLI source code in the referenced repository before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9707e3t19rsfwvktgpyhy8bnd843fng

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments