ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anonyflow

v1.0.2

AnonyFlow integration. Manage data, records, and automate workflows. Use when the user wants to interact with AnonyFlow data.

0· 96·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (AnonyFlow integration) matches the instructions: all runtime guidance is about installing and using the Membrane CLI to connect to AnonyFlow, list connections, run actions, and proxy API requests. No unrelated services, binaries, or credentials are requested.
Instruction Scope
The SKILL.md instructs running the Membrane CLI, performing connect/login flows (which open a browser), running actions, and using a proxy to call arbitrary AnonyFlow endpoints. This is within scope for managing/analyzing AnonyFlow data, but note that the proxy and actions can be used to detokenize or retrieve sensitive data — so the skill will enable access to potentially sensitive records when authorized.
Install Mechanism
There is no packaged install spec; the guide recommends installing @membranehq/cli via npm -g. Recommending a widely published npm package is reasonable, but installing globally modifies the system path — users should verify the package identity and source before running npm -g.
Credentials
No environment variables, credentials, or config paths are required by the skill. The SKILL.md intentionally defers auth to Membrane (browser login/tenant flow) and explicitly warns not to ask users for API keys, which is proportionate to the described functionality.
Persistence & Privilege
The skill does not request always:true or any elevated persistence. It's user-invocable and can be invoked autonomously per platform defaults; there are no instructions to modify other skills or system-wide agent settings.
Assessment
This skill is coherent with its stated purpose: it instructs using the Membrane CLI to manage AnonyFlow data. Before installing/using it: (1) verify the @membranehq/cli package and the Membrane/GetMembrane site are legitimate and match your trust policy, since npm -g will install a global binary; (2) understand that once authenticated the skill (via Membrane) can perform actions that retrieve or detokenize sensitive data — only use it with accounts you trust and with appropriate permissions; (3) in headless environments be careful when copying/pasting auth codes; and (4) if you need tighter control, run the CLI in an isolated environment or check Membrane's access controls and audit logs before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk9755ync136zcb35gcrbhk8ms5843rjg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments