ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cortex Xsoar

v1.0.0

Cortex XSOAR integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cortex XSOAR data.

0· 48·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to use the Membrane CLI to create a connector and run actions against Cortex XSOAR. Requiring a Membrane account and network access is consistent with that purpose.
Instruction Scope
Instructions stay within the Cortex XSOAR integration scope (installing and using the Membrane CLI, authenticating via browser or headless flow, listing and running connector actions). They do not instruct reading unrelated local files or environment variables. Note: headless auth and connector creation require interactive authentication steps and will cause data to flow to Membrane and the target XSOAR instance.
Install Mechanism
There is no registry install spec, this is instruction-only; the SKILL.md asks the user to run `npm install -g @membranehq/cli`. Global npm installs execute third‑party code on the host, which is a normal but non-trivial step — verify the publisher and consider non-global or isolated installs if you want to reduce risk.
Credentials
The skill declares no required env vars in registry metadata, which matches that it relies on interactive Membrane auth rather than env-based keys. However, it does require a Membrane account and will obtain/handle credentials via the CLI/browser auth flow; this external credentialing is proportional but not explicitly declared as a primaryEnv in the registry metadata.
Persistence & Privilege
The skill is not forced-always, does not request system-wide config changes in SKILL.md, and is user-invocable. There is no indication it persists beyond the normal use of the Membrane CLI and connectors.
Assessment
This skill appears to do what it says: it instructs installing and using the official Membrane CLI to connect to Cortex XSOAR. Before installing or running it: (1) verify the @membranehq/cli package source and GitHub repo to ensure you trust the publisher; (2) prefer installing the CLI in a constrained environment (container, VM, or non-global npm install) if you want to avoid running third‑party code system-wide; (3) be aware the flow uses browser-based auth and will grant Membrane access to your XSOAR connector — review the connector permissions and audit logs in your XSOAR and Membrane account; (4) if you need stronger assurance, ask the skill author for a signed release URL or an install spec in the registry that points to an official release. If you find any instructions that run other installers, download arbitrary archives, or request unrelated credentials, treat that as suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk973xk51bxtdcsmgm08gscc9r1848zd1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments