ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mirantis

v1.0.0

Mirantis integration. Manage data, records, and automate workflows. Use when the user wants to interact with Mirantis data.

0· 47·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say 'Mirantis integration' and the SKILL.md consistently documents using the Membrane CLI as a proxy to Mirantis APIs. Requiring the Membrane CLI (via npm) and network/browser auth matches the stated goal.
Instruction Scope
Instructions are limited to installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying API calls. They do not direct the agent to read unrelated files, exfiltrate environment variables, or change system configurations outside installing/running the CLI and authenticating.
Install Mechanism
There is no registry install spec; runtime instructions recommend 'npm install -g @membranehq/cli' or using npx. This is appropriate for the documented workflow but global npm installs carry the normal supply-chain/trust risks of public npm packages.
Credentials
The skill declares no required env vars or credentials. Authentication is delegated to Membrane's browser-based flow (no local API keys requested), which is proportionate to a connector-style integration.
Persistence & Privilege
always is false and the skill is instruction-only. It does not request persistent elevated privileges or modify other skills' configs.
Assessment
This skill is coherent: it delegates Mirantis access to the Membrane service and instructs installing @membranehq/cli. Before installing, verify you trust the Membrane project and the npm package (review the package and its GitHub repo), be aware that the CLI will open browser-based auth (or print a URL for headless flows), and that once connected the agent can run proxied API requests to your Mirantis account via Membrane. If you prefer tighter isolation, run the CLI in a container or review Membrane's privacy/security docs and the connector's permissions before creating connections.

Like a lobster shell, security has layers — review code before you run it.

latestvk972eqgc3gjnjm5fk53qnyart584c909

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments