Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bot9

v1.0.2

Bot9 integration. Manage data, records, and automate workflows. Use when the user wants to interact with Bot9 data.

by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability (flagged)
The SKILL.md requires the @membranehq/cli binary, network access and a Membrane account to interact with Bot9, yet the skill manifest declares no required binaries, environment variables or primary credential. Declaring no runtime dependencies while instructing users to install a CLI is an inconsistency the author should explain.
Instruction Scope
Instructions stay on-topic for a Bot9 integration (install the CLI, create a connection, list and run actions). However, the skill also documents a 'proxy' feature that lets the agent send arbitrary proxied requests to APIs via Membrane. That capability can be legitimate, but it widens the risk surface: it enables arbitrary outbound requests and, if misused, exfiltration of any data the agent can reach.
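One way to contain a proxy of this kind is to gate every request the agent asks it to send against an explicit egress policy before anything leaves the host. The following is an added illustration, not code from the Bot9 skill, ClawHub or Membrane; the request shape (method, URL, headers), the allowlisted host `api.bot9.example` and the policy rules are assumptions chosen to show the checks a practitioner would want: an HTTPS-only host allowlist, rejection of loopback, link-local and RFC 1918 targets (the SSRF and metadata-service cases), no credentials embedded in URLs, and no agent-supplied credential headers, so the proxy's server-side credentials remain the only ones in play.

```python
"""Egress policy gate for agent-initiated proxied HTTP requests.

Added example, not part of the Bot9 skill, ClawHub or Membrane.
ALLOWED_HOSTS, BLOCKED_HEADERS and the request shape are assumptions.
"""
import ipaddress
from urllib.parse import urlsplit

# Assumption: the integration only needs one API host. Extend deliberately.
ALLOWED_HOSTS = {"api.bot9.example"}
# The agent must not inject its own credentials into proxied calls.
BLOCKED_HEADERS = {"authorization", "cookie", "x-api-key", "proxy-authorization"}
ALLOWED_METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE"}


def _is_internal_host(host):
    """True for loopback, private, link-local (e.g. 169.254.169.254) or local names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat obviously local names as internal.
        return host == "localhost" or host.endswith((".localhost", ".internal", ".local"))
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def check_proxied_request(method, url, headers):
    """Return a list of policy violations; an empty list means the request may be forwarded."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        problems.append(f"scheme {parts.scheme!r} is not https")
    if not host:
        problems.append("no host in URL")
    elif _is_internal_host(host):
        problems.append(f"host {host!r} is internal/loopback (SSRF)")
    elif host not in ALLOWED_HOSTS:
        problems.append(f"host {host!r} not in allowlist")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL")
    for name in headers:
        if name.lower() in BLOCKED_HEADERS:
            problems.append(f"agent-supplied header {name!r} not permitted")
    if method.upper() not in ALLOWED_METHODS:
        problems.append(f"method {method!r} not permitted")
    return problems


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, three that the gate should refuse.
    samples = [
        ("GET", "https://api.bot9.example/v1/records", {"Accept": "application/json"}),
        ("POST", "https://collector.attacker.example/drop", {}),
        ("GET", "http://169.254.169.254/latest/meta-data/", {}),
        ("GET", "https://api.bot9.example/v1/records", {"Authorization": "Bearer leaked"}),
    ]
    for method, url, headers in samples:
        verdict = check_proxied_request(method, url, headers)
        print("ALLOW" if not verdict else "DENY ", url, verdict)
```

Run it once before wiring it in front of the real proxy; the denial reasons are returned rather than logged so the caller can surface them to the user instead of silently dropping the call.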
Install Mechanism
No formal install spec in the registry (instruction-only). SKILL.md recommends `npm install -g @membranehq/cli`, an ordinary public npm installation (moderate risk). Nothing is downloaded from unknown URLs, but a global npm install runs the package's lifecycle scripts with the installing user's privileges, so allow it only if you trust the package and its publisher.
Credentials (flagged)
The skill states that Membrane manages credentials server-side and therefore requests no env vars, which can be reasonable. But the registry metadata declares zero dependencies while the runtime requires network access and a Membrane account (browser/OAuth login). The manifest should at minimum declare the required binaries (node, npm, membrane) and note the network and account requirements.
Persistence & Privilege
The manifest's `always` flag is false, and the skill does not request persistent elevated platform privileges. Autonomous invocation is allowed by default but is not combined with other privileged flags here.
What to consider before installing
Before installing or enabling:
1. Confirm you trust Membrane and the npm package @membranehq/cli (check the package page, GitHub repo, and publisher).
2. Be aware that SKILL.md requires installing a global npm package and a browser/OAuth login; the manifest should declare these runtime needs but does not.
3. Understand that the 'membrane request' proxy can send arbitrary API calls on your behalf; only enable the skill if you trust it not to access or exfiltrate sensitive data.
4. Prefer installing the CLI in a controlled environment (not as root), pin the version, and verify the package source before installing.
5. Ask the skill author to update the manifest to list required binaries (node, npm, membrane) and to state network and account requirements explicitly, so the skill can be reviewed properly.
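Steps 1 and 4 above can be made mechanical: pull the package metadata with `npm view <pkg> --json`, check it against what you expect, and only then install a pinned version into a user-owned prefix. The block below is an added example and not code from ClawHub, Bot9 or Membrane. `CONSTRUCTED_VIEW` is a made-up stand-in for `npm view --json` output (field names follow npm's real output; the version, maintainer, repository and integrity value are invented so the script runs offline), and the expected maintainer and repository used in the checks are assumptions you would replace with what the publisher's own page states.

```python
"""Pre-install vetting of an npm CLI that a skill asks you to install.

Added example, not code from the Bot9 skill, ClawHub or Membrane.
CONSTRUCTED_VIEW is a fabricated `npm view --json` result; the expected
maintainer and repository prefix are assumptions for illustration.
"""
import shlex

CONSTRUCTED_VIEW = {
    "name": "@membranehq/cli",
    "version": "9.9.9",                      # constructed, not a real release
    "dist-tags": {"latest": "9.9.9"},
    "maintainers": [{"name": "example-maintainer", "email": "dev@example.invalid"}],
    "repository": {"type": "git", "url": "git+https://github.com/example-org/cli.git"},
    "dist": {
        "integrity": "sha512-CONSTRUCTEDINTEGRITYVALUEa2RJ3nD9v0b4tZx6kLqQ8pS5wT1yU7vX",
        "tarball": "https://registry.npmjs.org/@membranehq/cli/-/cli-9.9.9.tgz",
    },
    "scripts": {"postinstall": "node scripts/setup.js"},
}

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def vet_npm_view(view, expected_maintainer, expected_repo_prefix):
    """Return a list of findings; an empty list means the metadata matched expectations."""
    findings = []

    names = sorted(m.get("name", "") for m in view.get("maintainers", []))
    if expected_maintainer not in names:
        findings.append(f"expected maintainer {expected_maintainer!r} not among {names}")

    # npm often reports "git+https://..."; strip the scheme prefix before comparing.
    repo = view.get("repository", {}).get("url", "")
    if repo.startswith("git+"):
        repo = repo[len("git+"):]
    if not repo.startswith(expected_repo_prefix):
        findings.append(f"repository {repo!r} does not start with {expected_repo_prefix!r}")

    # Pin to the version you reviewed; flag if the tag you are about to install has moved.
    if view.get("version") != view.get("dist-tags", {}).get("latest"):
        findings.append("reviewed version is not the current 'latest' tag; re-review before installing")

    if not view.get("dist", {}).get("integrity"):
        findings.append("no dist.integrity hash published; cannot pin by integrity")

    # Lifecycle scripts run arbitrary code at install time; they need reading before trusting.
    hooks = [h for h in LIFECYCLE_HOOKS if h in view.get("scripts", {})]
    if hooks:
        findings.append(f"lifecycle scripts present ({', '.join(hooks)}); read them before installing")

    return findings


def install_argv(name, version, prefix):
    """Pinned, non-global install into a user-owned prefix (no root, no 'npm install -g')."""
    return ["npm", "install", "--prefix", prefix, "--ignore-scripts", f"{name}@{version}"]


def install_command(name, version, prefix):
    return shlex.join(install_argv(name, version, prefix))


if __name__ == "__main__":
    for f in vet_npm_view(CONSTRUCTED_VIEW, "example-maintainer", "https://github.com/example-org/"):
        print("finding:", f)
    print(install_command(CONSTRUCTED_VIEW["name"], CONSTRUCTED_VIEW["version"], "./tools"))
```

`--ignore-scripts` keeps install-time hooks from running until you have read them; a package that genuinely needs its postinstall step will then have to be completed by hand, which is the point of the check rather than a defect. The resulting binary lives under `./tools/node_modules/.bin`, so it is only on the PATH of the environment you choose to give it.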


latest: vk970hmrmspk7adermeyb7y9r098438qb

