ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Code Dx

v1.0.0

Code Dx integration. Manage data, records, and automate workflows. Use when the user wants to interact with Code Dx data.

0· 53·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Code Dx integration) matches the instructions: discover and run Code Dx actions via the Membrane CLI and proxy API calls to Code Dx. Required artifacts (Membrane account, network access, Membrane CLI) are appropriate for this purpose.
Instruction Scope
SKILL.md only tells the user/agent to install and use the Membrane CLI, login via browser, list connections/actions, run actions, and proxy requests. It does not instruct reading unrelated system files, exfiltrating environment variables, or accessing other services beyond Membrane/Code Dx.
Install Mechanism
The skill is instruction-only (no install spec), but instructs installing a third‑party npm package globally (npm install -g @membranehq/cli). npm packages are a common delivery method, but this means installing external code under your environment outside the platform's vetted install process — consider verifying the package source and permissions before installing.
Credentials
The skill declares no required env vars, credentials, or config paths. The instructions explicitly say to use Membrane connections (browser-based auth) instead of asking for API keys, which is proportionate to the task.
Persistence & Privilege
The skill does not request permanent/always-on presence and does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is allowed by default (normal) and is not combined with other concerning privileges.
Assessment
This skill appears coherent and limited to using the Membrane CLI to access Code Dx. Before installing or running it: 1) verify the @membranehq/cli npm package is the official package you expect (check the npm page, maintainers, and repository) because 'npm install -g' installs third‑party code into your system; 2) be prepared to authenticate via a browser (Membrane handles credentials server-side); 3) confirm you are comfortable granting the Membrane service network access to your Code Dx data (it proxies API calls); and 4) avoid providing unrelated credentials. If you prefer tighter control, review the Membrane CLI code or run it in an isolated environment (container) before installing globally.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cv44ky7g53j578tvzdfd6wh848dr1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments