Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Whistic

v1.0.0

Whistic integration. Manage data, records, and automate workflows. Use when the user wants to interact with Whistic data.

by Vlad Ursul (@gora050)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a Whistic integration that operates through the Membrane CLI (proxying API calls, running actions). That purpose aligns with the content. However, the registry metadata lists no required binaries or install steps even though the instructions require installing and running the Membrane CLI (npm / npx). The metadata/instructions mismatch is an incoherence a user should notice.
Instruction Scope
The runtime instructions are limited to installing/using the Membrane CLI, logging in, creating connections, listing/running actions, and proxying requests to Whistic. The skill does not instruct reading local files or unrelated credentials. It does instruct a global npm install and use of npx, which will run code from the npm registry; proxying arbitrary API paths via Membrane is powerful (it lets the agent make arbitrary requests to the Whistic API under the user's auth).
Install Mechanism
There is no formal install spec in the registry; installation is left to the user via SKILL.md, which instructs `npm install -g @membranehq/cli` and use of `npx @membranehq/cli@latest`. This is a common pattern but introduces supply-chain risk (packages pulled from npm). The instructions do not reference an explicit checksum, signed release, or fixed version (the examples use `@latest` and a `-g` install), which increases risk. No download-from-arbitrary-URL issues were found.
Credentials
The skill declares no required environment variables or credentials; authentication is handled interactively by the Membrane CLI (browser login / token refresh). There are no extraneous credential requests in the SKILL.md. This is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It's instruction-only and doesn't modify other skills or agent-wide settings. Autonomous invocation is allowed by platform default but not amplified by additional privileges.
What to consider before installing
This skill appears to be an integration that relies on the Membrane CLI to talk to Whistic, which is coherent — but note these concerns before installing:

- The SKILL.md requires installing and running the Membrane CLI (npm / npx), yet the registry metadata did not declare any required binaries; ensure you have npm/node and are comfortable running global npm installs.
- Global npm installs and npx pulls execute code from the npm registry; verify the @membranehq/cli package provenance (check the official repo, audit versions, prefer pinned versions and review release notes or checksums). Avoid running `-g` installs from unknown sources if you can't verify them.
- The Membrane CLI will open browser-based auth and then act with your credentials; only authorize connections you trust and review what scopes/permissions the connector requests. A compromised or malicious package could misuse those tokens.
- If you need stronger assurance, request the publisher to add explicit required-binaries and an install_spec in the registry metadata, or run the CLI in a sandboxed environment first.

What would change this assessment: explicit registry declarations (required binaries), pinned/verified CLI versions or signed releases, and a trustworthy repository/source for the package would move this toward benign. Conversely, discovery of instructions that access unrelated system files, ask for unrelated credentials, or reference arbitrary download URLs would increase the severity toward malicious.
