ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Typebot

v1.0.2

Typebot integration. Manage data, records, and automate workflows. Use when the user wants to interact with Typebot data.

0· 91·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Typebot integration) align with instructions that use Membrane to discover connectors, create a connection, run actions, and proxy requests to Typebot. No unrelated credentials or surprising capabilities are requested.
Instruction Scope
SKILL.md limits runtime actions to installing/using the Membrane CLI, logging in, listing/creating connections, running actions, and proxying requests to Typebot. It does not instruct reading unrelated files or environment variables, or contacting endpoints outside Membrane/Typebot.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the document tells users to run `npm install -g @membranehq/cli`. This is expected for a CLI-based integration but does require Node/npm and will install a global binary — consider whether you want that on your system and verify the package source before installing.
Credentials
The skill declares no required env vars or credentials and recommends using Membrane connections instead of asking the user for API keys. The required network access and a Membrane account are proportional to the stated purpose.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request elevated or cross-skill configuration changes. It only documents using the Membrane CLI and browser-based auth flow.
Assessment
This skill is instruction-only and tells you to use the Membrane CLI to interact with Typebot. Before installing or running: ensure you trust the @membranehq/cli npm package and have Node/npm available (global installs modify your system PATH); be prepared to authenticate via the browser-based Membrane flow; verify Membrane account and connector permissions (a connector can perform actions on your behalf); and avoid entering unrelated secrets — the skill explicitly says not to ask for API keys. If you want stronger assurance, review the Membrane CLI source repository and the Typebot connector implementation before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97568pdpzc8n3fxvs7d2p5345842xx6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments