ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chift

v1.0.0

Chift integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chift data.

0· 24·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to integrate with Chift and its SKILL.md exclusively documents using the Membrane CLI to discover connectors, create connections, run actions, and proxy API requests — all directly relevant to the described purpose.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, logging in (browser-based auth or headless flow), listing/connecting actions, running actions, and proxying requests. These operations will perform network calls and send data to Membrane/Chift; the agent may execute arbitrary discovered actions so users should confirm intended actions before running them.
Install Mechanism
This is an instruction-only skill (no install spec). It recommends installing @membranehq/cli via npm, which is a standard distribution method; no archives, personal URLs, or automatic install steps are included in the skill itself.
Credentials
The skill declares no required environment variables or credentials and explicitly advises not to request local API keys. It relies on Membrane server-side auth (browser login/connection flow), which matches the described workflow.
Persistence & Privilege
The skill is not always-on and is user-invocable; it does not request persistent system privileges or modify other skills. Model invocation is allowed (default), which is normal for skills that perform integrations.
Assessment
This skill uses the Membrane CLI to connect your Membrane account to Chift and will open a browser-based login to perform authentication. Before installing or running actions: (1) confirm you trust the Membrane service (check getmembrane.com and the docs); (2) be aware the CLI will run network calls that can read and write data in connected accounts — only run actions you understand and that operate on data you permit; (3) installing the CLI requires npm global permission (npm install -g), so perform that step yourself and review the package if you have concerns; (4) prefer creating least-privilege/test connections when authorizing integrations to limit blast radius.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e9397kqcn7814x73s7mgp7h8461rn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments