ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notarize

v1.0.2

Notarize integration. Manage Documents, Templates, Workflows, Users, Roles. Use when the user wants to interact with Notarize data.

0· 76·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the runtime instructions: the SKILL.md shows how to use the Membrane CLI to connect to Notarize and run actions or proxied requests. Required resources (a Membrane account and network access) are appropriate for this purpose; there are no unrelated env vars or config paths requested.
Instruction Scope
The instructions are narrowly scoped to installing/logging into the Membrane CLI, creating connections, listing actions, running actions, and proxying API requests. They do not ask the agent to read unrelated files, harvest environment variables, or transmit data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). The SKILL.md tells users to run `npm install -g @membranehq/cli` or use `npx` — which will install or run a global npm package on the host. That is expected for a CLI-based integration but does write code to disk and modify system state, so users should verify the package source before installing.
Credentials
No environment variables, credentials, or config paths are declared or requested. The skill explicitly advises against asking users for API keys and relies on Membrane to manage auth, which is proportionate to the stated functionality.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) and is not combined with other concerning privileges.
Assessment
This skill appears to be what it says: a Notarize integration driven through the Membrane CLI. Before installing or running the CLI, verify the @membranehq/cli package and its source (npm listing and GitHub repo), and review any OAuth scopes presented when you run `membrane login`. Installing the CLI globally will write files to your system — if you prefer, use `npx` or run inside an isolated environment. Do not paste your Notarize/API secrets into chat; follow the connection flow so Membrane can handle credentials server-side. If you have strict security policies, review the Membrane privacy/security docs and the connector's permissions before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk9798taxsrr20xvd97j7jr7vgd842pd0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments