ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zendesk Sell

v1.0.2

Zendesk Sell integration. Manage data, records, and automate workflows. Use when the user wants to interact with Zendesk Sell data.

0· 89·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill states it integrates with Zendesk Sell but does not declare any Zendesk API credentials or explain how to authenticate. It also states a Membrane account is required (in compatibility) but no credentials or env var are declared. The SKILL.md contains a very long list of unrelated entities (finance, devices, etc.), suggesting the document may be a generic or corrupted template rather than a focused integration guide.
!
Instruction Scope
This is an instruction-only skill with network requirements and references to a Membrane account, but the runtime instructions are vague and include many unrelated items. There are no concrete authentication steps (e.g., OAuth flow or API token usage), no explicit API endpoints or request examples for Zendesk Sell, and nothing that constrains what the agent should or should not read/send. That ambiguity could grant the agent broad discretion when invoked.
Install Mechanism
No install spec and no code files — lowest-risk install footprint. Nothing is written to disk by an installer because the skill is instruction-only.
!
Credentials
No required env vars or primary credential are declared despite the skill needing a Membrane account and (implicitly) Zendesk credentials for meaningful API operations. A genuine Zendesk Sell integration would normally require API token or OAuth client credentials; the absence of any declared credential requirement is a red flag or at least an omission.
Persistence & Privilege
always:false and default invocation settings (agent may invoke autonomously) — acceptable for a skill of this type. The skill does not request persistent system modifications.
What to consider before installing
This skill appears internally inconsistent. Before installing, ask the publisher to explain how authentication to Zendesk Sell is handled (OAuth or API token), where credentials are provided or stored, and why the SKILL.md contains a long list of unrelated items. Do not supply high-privilege Zendesk or Membrane credentials until you confirm the auth flow and that the skill only calls official Zendesk endpoints. Prefer skills that explicitly declare required env vars and show concrete API call examples or an audited source repository. Because this is an instruction-only skill, static scanners had nothing to analyze — review the full SKILL.md and the linked repository/homepage, and ask for clarification from the author if anything is unclear.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f3hs0ypfy6f26gptxvcrfa5842x67

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments