ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Simvoly

v1.0.2

Simvoly integration. Manage Websites, Funnels, Stores, Memberships, Bookings, Forms and more. Use when the user wants to interact with Simvoly data.

0· 109·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Simvoly integration) align with the instructions (use Membrane CLI to connect to Simvoly, list actions, run actions, or proxy requests). There are no unrelated credentials, binaries, or paths required by the skill.
Instruction Scope
SKILL.md instructs installing and using the Membrane CLI, logging in, creating/connections, listing and running actions, and proxying requests to Simvoly—all directly relevant. It does not instruct reading unrelated local files or environment variables, nor does it ask the agent to collect arbitrary system data. Note: proxying and action runs will send input data to Membrane/Simvoly as expected for this integration.
Install Mechanism
There is no formal install spec in the registry metadata, but the README tells the user/agent to run `npm install -g @membranehq/cli`. Global npm installs write binaries to disk (moderate risk). The package is namespaced (@membranehq) and repository/homepage are provided, which is reasonable; verify the package source before installing.
Credentials
The skill requests no environment variables or local config paths. Authentication is delegated to Membrane (browser-based login/tenant flow), which is appropriate for the stated purpose. There are no unexplained secret requests.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide settings. The skill can be invoked autonomously (platform default) — this combined with normal integration capabilities is expected, not by itself problematic.
Assessment
This skill appears coherent, but take these precautions before using it: 1) Verify the Membrane CLI package (@membranehq/cli) on npm and its GitHub repo to ensure you trust the publisher. 2) Be aware that running `membrane login` opens a browser and grants Membrane access to your Simvoly account — check the scopes and permissions requested during login. 3) Prefer performing the login and connection steps yourself (not letting an agent do them unattended), and avoid pasting any unrelated secrets. 4) If you want to limit risk, run the CLI in a sandboxed environment or an account with limited privileges, and require explicit human approval before the agent executes actions that modify site/store/membership data.

Like a lobster shell, security has layers — review code before you run it.

latestvk978d9k2vybh2gwd60hwqg4bph842ytd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments