ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Travelport

v1.0.0

Travelport integration. Manage data, records, and automate workflows. Use when the user wants to interact with Travelport data.

0· 55·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim Travelport integration and the SKILL.md consistently instructs using the Membrane CLI to access Travelport APIs. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to Travelport via Membrane. There are no instructions to read arbitrary local files, exfiltrate data, or access unrelated credentials.
Install Mechanism
This is an instruction-only skill (no code). It recommends installing @membranehq/cli from npm (or using npx). Installing a global npm CLI is a reasonable requirement for this integration but carries the usual npm-package risks; verify the package and publisher before installing.
Credentials
The skill declares no required env vars or credentials and advises using Membrane-managed connections rather than local API keys — this is proportionate for a connector-style skill.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system privileges. It relies on interactive Membrane authentication (browser flow) and normal CLI usage.
Assessment
This skill appears coherent: it uses the Membrane CLI to mediate Travelport API calls and avoids asking for local API keys. Before installing, confirm you trust the @membranehq/cli npm package and the Membrane service (review the package on npm/github). Because the skill is instruction-only, the agent will execute CLI commands on your machine and open a browser for Membrane auth — run these in a controlled environment if you have concerns. Do not provide Travelport credentials directly; follow the Membrane connection flow as instructed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brhh6h76anza15jdnx7k5ys84a01g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments