ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mobile Text Alerts

v1.0.2

Mobile Text Alerts integration. Manage Accounts. Use when the user wants to interact with Mobile Text Alerts data.

0· 138·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Mobile Text Alerts integration) match the instructions: discover/connect to a Mobile Text Alerts connector and run actions or proxied API requests via the Membrane CLI. Requested capabilities (network access, Membrane account) are expected.
Instruction Scope
SKILL.md only instructs the agent to install and use the Membrane CLI, perform connection discovery, run actions, or proxy requests to the Mobile Text Alerts API. It explicitly discourages asking for raw API keys and does not instruct reading unrelated files or secrets.
Install Mechanism
This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli` and suggests `npx` in places. Installing a global npm package modifies the host environment and pulls code from the public npm registry — not inherently malicious, but you should verify the package and prefer `npx` or a scoped/local install if you want less system-wide change.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The SKILL.md relies on Membrane to manage credentials server-side, which matches the stated design (no local secrets).
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request elevated or persistent platform privileges, nor does it instruct modifying other skills or system-wide agent configs.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to access Mobile Text Alerts. Before installing or running it: (1) verify the @membranehq/cli package on npm and the project homepage/repo match your expectations; (2) prefer running via `npx @membranehq/cli@latest` or a local install if you want to avoid a global npm install; (3) ensure you trust Membrane to hold your Mobile Text Alerts credentials (the skill delegates auth to their service); and (4) be aware the agent will run CLI commands that require network access and open a browser for login. If any of those steps are unacceptable, do not install/use the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ekg9741p0fj56f1b4zwy3wn8420zn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments