Back to skill
Skillv1.0.3
VirusTotal security
Zulip · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 7:36 PM
- Hash
- 5ebdba16519cc6595fcf61752610519b1ef3741c67c43225e3a547f246a47166
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zulip-integration Version: 1.0.3 The skill acts as a wrapper for the Membrane platform, requiring the installation of a global NPM package (@membranehq/cli) and delegating all Zulip interactions, including authentication and API execution, to a third-party service (getmembrane.com). While these actions are aligned with the stated purpose of the integration, the requirement for global system modifications and the redirection of all sensitive communication and credential management through an external proxy represent significant security trade-offs and a broadened attack surface. Additionally, the 'membrane action create' feature allows for dynamic remote code generation, which is a high-risk capability.
- External report
- View on VirusTotal