ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rainforest Qa

v1.0.0

Rainforest QA integration. Manage data, records, and automate workflows. Use when the user wants to interact with Rainforest QA data.

0· 24·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Skill description, instructions, and required assets align: it integrates Rainforest QA via the Membrane proxy/CLI. No environment variables, local config paths, or unrelated binaries are requested. Requiring a Membrane account and network access is appropriate for this purpose.
Instruction Scope
SKILL.md sticks to installing and using the Membrane CLI, creating a connection, listing/running actions, and proxying requests. It does instruct running shell commands (npm install -g, membrane login/connect/request/action run) and performing browser-based auth flows — expected for this integration. It does not request reading unrelated files or environment variables. Note: the agent (or user) will run network calls that are proxied through Membrane.
Install Mechanism
There is no automated install spec in the skill bundle (instruction-only). The doc tells the user to run `npm install -g @membranehq/cli` or use `npx` — a normal but user-initiated step. Installing a global npm package is a moderate-risk action (it writes to the system PATH); verify the npm package and upstream repo before installing.
Credentials
The skill requests no local credentials or env vars, delegating auth to Membrane (browser login and a Membrane account). This is proportionate for a proxy-based integration, but it means you must trust Membrane/their service to handle your Rainforest QA credentials and proxied API traffic.
Persistence & Privilege
The skill does not require always:true and has no install-time behavior in the bundle. It does rely on a CLI that stores session state via Membrane's login flow, which is normal and scoped to the Membrane client.
Assessment
This skill appears coherent and reasonable for integrating Rainforest QA, but consider the following before installing: - You will be asked to install @membranehq/cli (global npm install or npx). Verify the npm package name and upstream GitHub repository to ensure authenticity before global installation. - The integration proxies requests through Membrane and uses Membrane-managed credentials — you must trust Membrane (getmembrane.com) to handle and store your Rainforest QA auth and proxied request data. - The skill requires running CLI commands and completing a browser-based login flow; in headless environments you will need to complete the alternate flow that prints a URL and code. - If you allow autonomous agent actions, remember the agent could run the described CLI commands and network requests on your behalf; ensure you trust both the agent and Membrane service. If you want higher assurance, inspect the official Membrane CLI package and the referenced GitHub repository before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dtky7ca8ngvfyd0rap0nfyx8463sk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments