ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lessaccounting

v1.0.2

LessAccounting integration. Manage Organizations. Use when the user wants to interact with LessAccounting data.

0· 64·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: the skill uses Membrane's CLI to access LessAccounting. That makes sense for the stated purpose. However the SKILL.md contains a contradiction about where credentials live (it describes credentials being stored locally at ~/.membrane/credentials.json while also saying "server-side with no local secrets").
!
Instruction Scope
Runtime instructions tell the agent to run npx @membranehq/cli@latest commands which will fetch and execute remote code, store credentials under the user's home (~/.membrane/credentials.json), and allow proxying arbitrary requests (including passing full URLs). The proxy/full-URL feature and local credential storage create opportunities for unintended authenticated requests or token exposure if misused.
!
Install Mechanism
There is no install spec in the package, but the SKILL.md instructs use of npx @membranehq/cli@latest. Using npx with @latest downloads and executes code from the npm registry at runtime (supply-chain risk) and lacks a pinned version for reproducibility.
Credentials
The skill requests no environment variables (reasonable). But it relies on the Membrane CLI which persists sensitive credentials to ~/.membrane/credentials.json; the skill does not declare or explain access to that file explicitly in registry metadata, which is worth noting.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. The only persistence is the Membrane CLI storing credentials under the user's home directory as described in the docs; the skill itself does not attempt to modify other skills or system-wide agent settings.
What to consider before installing
This instruction-only skill looks like a legitimate Membrane-based LessAccounting integration, but take these precautions before using it: 1) Verify you trust the Membrane CLI publisher (inspect the package on npm or GitHub) and prefer a pinned CLI version rather than @latest. 2) Be aware the CLI will store credentials in ~/.membrane/credentials.json — inspect that file and its permissions and consider using an isolated/test account. 3) Avoid sending or allowing the skill to use arbitrary full URLs via the proxy (that could cause unexpected authenticated requests). 4) If you need stronger assurance, manually run and inspect the Membrane CLI commands yourself (or install the CLI from a vetted source) rather than letting an agent run npx automatically. 5) Ask the skill author to resolve the contradictory statements about "server-side/no local secrets" vs local credential storage and to provide a pinned CLI version and provenance information.

Like a lobster shell, security has layers — review code before you run it.

latestvk97522fh5nfs9dggd1axav47g1843bxp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments