ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outseta

v1.0.2

Outseta integration. Manage Persons, Organizations, Deals, Leads, Projects, Activities and more. Use when the user wants to interact with Outseta data.

0· 111·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with Outseta and its SKILL.md consistently documents using the Membrane CLI to access Outseta. The homepage/repository references Membrane and the instructions use Membrane connectors and proxy — this is coherent with the described purpose.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, logging in via browser, creating connections, listing actions, running actions, and proxying requests to Outseta. The instructions do not ask the agent to read unrelated local files, request unrelated credentials, or exfiltrate data to third-party endpoints beyond Membrane/Outseta.
Install Mechanism
The skill is instruction-only (no install spec), but it recommends installing @membranehq/cli via npm -g or using npx. Installing an npm package is a normal step for this integration; users should be aware that running npm packages installs third-party code to their environment and may require elevated permissions for global installs.
Credentials
The skill declares no required environment variables or credentials; it relies on Membrane to manage authentication server-side and instructs users to create connections rather than providing API keys. This is proportionate to the stated task.
Persistence & Privilege
The skill does not request permanent presence (always is false) and is instruction-only. There is no indication it would modify other skills or system-wide agent settings. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges.
Assessment
This skill appears to be what it says: an Outseta integration that uses the Membrane CLI. Before installing/using it, consider: (1) The skill expects you to install @membranehq/cli (npm or npx) — review that package and prefer npx if you don't want a global install. (2) Membrane handles auth via browser login and proxying; you'll give Membrane access to Outseta data when you create a connection — verify Membrane's privacy/permissions. (3) Because the skill is instruction-only, the static scanner had no code to analyze; the CLI you install will run code on your machine, so inspect or verify the CLI package if you have security concerns. (4) If you want to restrict autonomous use, adjust the agent/skill invocation settings (the platform default allows autonomous invocation).

Like a lobster shell, security has layers — review code before you run it.

latestvk97d4y3qp59c4xzxtt3ewfw4ms8429ke

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments