Oncehub

Security checks across static analysis, malware telemetry, and agentic risk

Overview

No hidden or malicious behavior is evident; this is a disclosed OnceHub/Membrane integration, but it can access and change OnceHub business data through broad CLI/API commands.

Before installing, confirm you trust Membrane's CLI package and only connect a OnceHub account with the permissions needed. Treat any create, update, delete, or bulk OnceHub operation as sensitive and ask for clear confirmation before running it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overly broad API request could change or delete OnceHub scheduling or CRM data.

Why it was flagged

The skill documents a broad proxy for direct OnceHub API calls, including methods that can create, update, or delete data. This is aligned with an integration skill but needs careful user-directed use.

Skill content

membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE). Defaults to GET

Recommendation

Prefer Membrane's pre-built actions, use least-privilege OnceHub access, and require explicit user confirmation before create, update, delete, or bulk operations.

What this means

The agent may be able to perform actions allowed by the connected OnceHub account.

Why it was flagged

The skill relies on delegated Membrane/OnceHub authentication. This is expected for the stated purpose, but it grants the agent access through the connected account.

Skill content

Membrane handles authentication and credentials refresh automatically ... injects the correct authentication headers

Recommendation

Connect only the intended OnceHub workspace/account and avoid using an account with broader permissions than needed.

What this means

The local machine will trust code from the npm Membrane CLI package when installed or run.

Why it was flagged

The skill asks the user to install/run an external npm CLI package, including an unpinned @latest invocation. This is central to the integration but its package contents were not part of the supplied artifacts.

Skill content

npm install -g @membranehq/cli ... npx @membranehq/cli@latest action list

Recommendation

Install from a trusted npm source, avoid unnecessary administrator privileges, and pin or verify the CLI version when possible.