ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aeroleads

v1.0.2

AeroLeads integration. Manage Leads, Persons, Organizations. Use when the user wants to interact with AeroLeads data.

0· 243·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AeroLeads integration) match the instructions: the SKILL.md describes using the Membrane CLI to connect to AeroLeads, search actions, run actions, and proxy requests. Required resources (network and a Membrane account) are expected for this purpose.
Instruction Scope
Runtime instructions are limited to installing/using the Membrane CLI, logging in, creating/listing connections, listing/running actions, and making proxied requests to AeroLeads. The instructions do not ask the agent to read unrelated files or environment variables, nor to transmit secrets to unexpected endpoints.
Install Mechanism
Installation is via an npm -g package (@membranehq/cli). This is a normal distribution channel but carries the usual npm risks (verify package identity and publisher). No direct downloads or extracted archives are used.
Credentials
The skill declares no required environment variables or credentials and defers auth to Membrane. That is proportionate: Membrane handles API keys/tokens server-side so the skill need not request unrelated secrets.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform presence or modify other skills. It relies on the Membrane CLI and normal authentication flows (browser-based login/code completion).
Assessment
This skill is instruction-only and reasonable for integrating AeroLeads via Membrane. Before installing: verify you trust the Membrane project and the npm package @membranehq/cli (check the publisher, package homepage, and repository); be aware the CLI performs browser-based login and will store credentials/tokens as part of that flow; do not give AeroLeads or Membrane API keys directly to the skill — use the Membrane connection flow as instructed. If you need stricter control, create a separate Membrane account with limited scope or test in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk971wepm0m5pnth8bahzrdf3jd843n8v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments