Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Teamioo

v1.0.0

Teamioo integration. Manage Organizations. Use when the user wants to interact with Teamioo data.

by Vlad Ursul (@gora050)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to integrate with Teamioo via Membrane which is coherent with its name/description. However, the SKILL.md expects the agent/environment to run `npx @membranehq/cli@latest` (so Node/npm/npx must be available). The skill metadata lists no required binaries — that's an inconsistency. A consumer would legitimately need npx/Node to use this skill, so the missing declared dependency is a gap.
! Instruction Scope
The instructions tell the agent to run npx commands that open a browser for auth and then store credentials at `~/.membrane/credentials.json`. The SKILL.md therefore reads and writes a user config path but the manifest declares no required config paths. The skill also documents a proxy mode that accepts full URLs; that capability means the agent can relay arbitrary requests through Membrane, which is powerful and should be considered when granting the skill runtime/network access.
Install Mechanism
There is no install specification (instruction-only), which is low surface area. However, the runtime uses `npx @membranehq/cli@latest`, which will fetch and execute code from the npm registry at runtime. That is normal for CLI-first integrations but does mean remote code is executed each time the CLI is invoked; users should trust the @membranehq package and the npm ecosystem.
Credentials
The skill does not request environment variables or secrets in the manifest and explicitly advises not to ask users for API keys (Membrane manages auth). That is proportionate. It does require a Membrane account (declared in SKILL.md) which is appropriate for this integration.
! Persistence & Privilege
Although the skill is not always-loaded and is user-invocable, the runtime instructions create persistent credentials in the user's home (`~/.membrane/credentials.json`). The manifest did not declare this config path; this persistent credential file increases blast radius if the Membrane CLI or credentials are misused. The skill does not claim to modify other skills or system-wide agent settings.
Scan Findings in Context
[NO_REGEX_FINDINGS] expected: Scanner found no code files or regex matches. This is expected because the skill is instruction-only; the security-relevant behavior is in SKILL.md rather than code.
What to consider before installing
This skill looks like a legitimate Teamioo integration via Membrane, but there are some gaps you should consider before installing:
- Ensure the environment has Node/npm/npx available: the SKILL.md runs `npx @membranehq/cli@latest` but the manifest does not declare this dependency. If you don't want to allow npx, you won't be able to use this skill.
- Understand that `npx` fetches and executes the @membranehq CLI from npm at runtime. Only proceed if you trust the @membranehq package and the npm registry.
- The login flow stores credentials at `~/.membrane/credentials.json`. If you install this skill, those persistent credentials will exist on the machine; verify you are comfortable with that location and who can read that file.
- The skill allows proxying arbitrary URLs through Membrane — review whether you trust Membrane to handle requests and be careful about sending sensitive data through proxy endpoints.
- Ask the publisher to update the manifest to declare required binaries (npx/Node) and the config path (`~/.membrane/credentials.json`). If you need higher assurance, run the CLI in an isolated environment (container or dedicated user account) and inspect the @membranehq/cli package source before use.
