Membership Manager
Security checks across malware telemetry and agentic risk
Overview
The skill appears to locally track user-entered membership details and expiry information, with no evidence of network access, credential use, or destructive behavior.
This skill looks safe for its stated purpose. Before using it, remember that membership details you enter may be saved locally for future reminders and analysis; avoid entering anything more sensitive than needed and check how to delete saved data if you no longer want it retained.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Membership details such as platforms, levels, expiry dates, and benefit usage may remain stored for later use.
The skill saves membership records, expiry dates, benefits, and usage information in persistent local storage. This is expected for reminders and tracking, but it means user-entered membership data can be retained.
this.store = new LocalStore('membership-manager'); ... this.store.set('memberships', memberships);Only enter membership information you are comfortable storing locally, and provide or use a clear way to review and delete saved records if needed.
The skill’s data-retention behavior depends partly on a shared helper that is not included in the visible skill package.
The code depends on a shared storage helper outside the two listed skill files. The import is purpose-aligned, but the exact storage behavior is not visible in the supplied skill files.
const { LocalStore } = require('../../shared/storage/local-store');Treat this as a normal but noteworthy local-storage dependency; if privacy is important, confirm where the platform’s LocalStore keeps data and how it can be cleared.