ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Logdna

v1.0.2

LogDNA integration. Manage data, records, and automate workflows. Use when the user wants to interact with LogDNA data.

0· 117·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md instructs the agent to use the Membrane CLI to connect to LogDNA, list actions, run actions, and proxy API requests. There are no unrelated credential or binary requirements.
Instruction Scope
Instructions require installing and running the @membranehq/cli, performing browser-based login (or headless flow), creating connections, and using a Membrane proxy to call LogDNA APIs. This is coherent for a LogDNA integration, but it means requests and potentially sensitive log data will transit Membrane's service — the SKILL.md explicitly says to let Membrane handle credentials and not to ask users for API keys.
Install Mechanism
The registry has no install spec, but the SKILL.md instructs users to run `npm install -g @membranehq/cli`. Installing an npm package runs third-party code on the host; this is expected for a CLI but you should verify the package and publisher before installing.
Credentials
The skill declares no required env vars or credentials and instead relies on a Membrane account and browser-based auth. That is proportionate to the described functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or system-wide config changes. It allows normal autonomous invocation (platform default), which is expected for skills.
Assessment
This skill is an instructions-only wrapper for the Membrane CLI to reach LogDNA — that's coherent, but there are a few practical risks to consider before using it: 1) The SKILL.md tells you to install @membranehq/cli via npm; installing any global npm package executes third-party code on your machine, so verify the package (publisher, npm page, GitHub repo) before installing. 2) Membrane acts as a proxy and manages credentials server-side — any LogDNA requests and log payloads will transit Membrane's service, so do not send highly sensitive secrets or PII unless you trust Membrane's policies. 3) Browser-based auth will open a session tied to your Membrane account; review what permissions the connector requests. 4) Because this skill is instruction-only, the registry scan had no code to analyze; if you need stronger assurance, inspect the referenced @membranehq/cli project and the repository linked in the SKILL.md before installing or granting access.

Like a lobster shell, security has layers — review code before you run it.

latestvk971s5w16d0b4hg3v79653sq1s843z21

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments