ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mx Technologies

v1.0.2

MX Technologies integration. Manage Users, Organizations, Pipelines, Goals, Filters, Files and more. Use when the user wants to interact with MX Technologies...

0· 88·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: all runtime steps are about using Membrane to manage MX Technologies resources. No unrelated services, credentials, or system subsystems are requested.
Instruction Scope
SKILL.md contains concrete CLI commands for installing the Membrane CLI, authenticating, listing/connecting, running actions, and proxying requests. All instructions stay within the stated goal (interacting with MX via Membrane) and explicitly advise against collecting API keys locally.
Install Mechanism
This is an instruction-only skill (no install spec). It tells the user to run `npm install -g @membranehq/cli` or use `npx` — a reasonable, common approach. Because it delegates installation to the user, risk is limited, but users should verify the authenticity of the @membranehq package before globally installing an npm package.
Credentials
No environment variables, credentials, or config paths are required by the skill. The instructions rely on Membrane to handle auth server-side, which is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or system-wide settings. It is user-invocable and can be used interactively or by an agent (default model invocation), which aligns with normal behavior.
Assessment
This skill appears coherent and limited to using the Membrane CLI to interact with MX APIs. Before installing or running commands: (1) verify the @membranehq/cli package and its publisher on npm/GitHub, (2) prefer using npx for one-off runs if you don't want a global install, (3) perform the first authentication in a browser and avoid pasting secrets into chat, and (4) review Membrane’s privacy/security docs if you will allow it to broker financial credentials on your behalf.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eshysh9wbrvssrmkj2shbvh843sbm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments