ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zapier MCP

v1.0.0

Connect 8,000+ apps via Zapier MCP. Includes full UI integration for Clawdbot Gateway dashboard. Use when setting up Zapier integration, connecting apps, or...

1· 967·2 current·2 all-time
by@maverick-software
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (mcporter), UI/controller files, and runtime behavior align: the skill's purpose is to expose a Zapier MCP server via mcporter and the code reads/writes mcporter configuration and calls the user-provided MCP URL. Nothing requested is extraneous to that purpose.
Instruction Scope
SKILL.md confines runtime actions to obtaining a Zapier MCP URL, configuring it in the Clawdbot UI, and invoking tools via mcporter. The included backend handlers only read/write mcporter config files in the user's home directory and POST JSON-RPC requests to the configured MCP URL. There are no instructions to collect unrelated system data or secrets.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded or auto-installed by the skill. The only runtime dependency is the mcporter binary (documented in SKILL.md), which is appropriate for an mcporter-based integration.
Credentials
The skill requests no env vars or external credentials. It does read and write mcporter configuration files under several candidate paths in the user's home directory (~/.config, ~/clawd/config, ~/clawdbot/config, etc.), which is necessary for its stated purpose but is a sensitive file operation — the skill will persist the provided MCP URL into the user's mcporter config and can remove that entry on disconnect.
Persistence & Privilege
The skill does not request permanent/always-on privileges. It modifies only the mcporter configuration (its stated scope) and does not alter other skills' configs or system-wide settings beyond the mcporter config file.
Assessment
This skill appears coherent and implements a Zapier MCP integration as described. Before installing, consider: 1) mcporter will be required and the skill will read/write your mcporter config file in your home directory — back up ~/.config/mcporter/config.json or any existing mcporter config if you care about existing entries. 2) The skill will send POST requests to whatever MCP URL you paste; only use MCP URLs you trust (a malicious MCP server could execute actions you didn't intend). 3) Confirm that mcporter on your system is the expected tool and source (install from the official package). 4) The code includes a couple of home-path variants (e.g., "clawd" vs "clawdbot"); this is likely just trying multiple candidate locations but you may want to inspect the config file it writes after saving. If you want stronger isolation, test the integration in a sandbox or VM before adding real accounts or production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk970tjtf7psfyzf942jdtnzpbx8174r7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binsmcporter

Comments