Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Credit Repair Cloud
v1.0.2Credit Repair Cloud integration. Manage Users, Clients, Affiliates, Providers, Disputes, Products and more. Use when the user wants to interact with Credit R...
⭐ 0· 82·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (Credit Repair Cloud integration) matches the listed entities in SKILL.md. However, the skill does not declare any credentials or environment variables for Credit Repair Cloud or for Membrane even though the header says a valid Membrane account is required. The homepage points to getmembrane.com (the platform) rather than to Credit Repair Cloud or an official integration, and the registry source is unknown — plausible but missing provenance and auth details.
Instruction Scope
This is an instruction-only skill that states it requires network access and a Membrane account. The provided snippet lists many domain objects but is not explicit (in the portion supplied) about how to authenticate, what endpoints are called, or whether any local files or environment variables will be read. No instructions in the visible content ask for local file or secret access, but the SKILL.md is long/truncated so the full runtime instructions should be inspected for any steps that read local files, environment variables, or post data to unexpected endpoints.
Install Mechanism
No install spec and no code files — instruction-only. This is lower risk because nothing is written to disk by an installer. The skill relies on network calls (Membrane) at runtime.
Credentials
The skill declares 'Requires... a valid Membrane account' but lists no required env vars or primary credential. Interacting with Credit Repair Cloud would normally require credentials (API key/token) or an authenticated platform session; the absence of declared credential requirements is an inconsistency. It's unclear where or how sensitive credentials (Credit Repair Cloud credentials or Membrane API key) must be provided or stored.
Persistence & Privilege
always is false and there is no install or persistent agent modification described. The skill does not request elevated or persistent system privileges in the provided content.
What to consider before installing
This skill appears to be an instruction-only Membrane-backed connector for Credit Repair Cloud, but the package lacks provenance and does not state how authentication is handled. Before installing: (1) ask the publisher how the skill authenticates to Membrane and Credit Repair Cloud, where API keys or credentials are stored, and whether Membrane will broker calls on your behalf; (2) confirm the publisher/source and prefer an official integration or well-known author; (3) review the full SKILL.md for any steps that read local files, environment variables, or send data to unexpected endpoints; and (4) avoid supplying production Credit Repair Cloud credentials until you understand the data flow and storage/retention policies. If you need higher assurance, request an explicit list of required secrets and example API calls or use an officially supported integration.Like a lobster shell, security has layers — review code before you run it.
latestvk97330j5n59cr2vgw3tv59zw29843vse
License
MIT-0
Free to use, modify, and redistribute. No attribution required.