Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Delighted
v1.0.0
Delighted integration. Manage data, records, and automate workflows. Use when the user wants to interact with Delighted data.
by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Delighted integration) match the instructions: they show how to install/use the Membrane CLI to connect to Delighted, list actions, run actions, and proxy API requests. There are no unrelated credentials, binaries, or capabilities requested.
Instruction Scope
SKILL.md only instructs the agent to install/use the Membrane CLI, run commands (login, connect, action list/run, request), and to use browser-based authentication. It does not instruct reading arbitrary local files, exporting unrelated environment variables, or exfiltrating data to unexpected endpoints. It does rely on the user authenticating via Membrane, which means Membrane will hold/mediate Delighted credentials.
Install Mechanism
This is an instruction-only skill (no install spec or code). It recommends installing @membranehq/cli via npm -g, which is a standard approach for a CLI. There is no direct download from an untrusted URL or archive extraction in the skill itself.
Credentials
The skill declares no required environment variables or config paths and explicitly advises against asking the user for Delighted API keys (advising creation of a Membrane connection instead). The requested scope is proportional: a Membrane account and network access are reasonable for this integration.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not declare any system-wide config writes. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears coherent and limited to instructing the agent to use the Membrane CLI to access Delighted. Before installing or using it: (1) Verify you trust the @membranehq/cli npm package and its GitHub repository (or use npx to avoid a global install); (2) Understand that Membrane will mediate and store the Delighted connection/auth — review Membrane's privacy/security and the permissions you grant during browser auth; (3) In headless environments, follow the documented login-complete flow carefully to avoid exposing codes in shared logs; (4) If you prefer not to trust a third-party proxy, you can instead implement direct calls to Delighted's API with your own credentials. Overall, the skill does not request unrelated secrets or unusual system access.
Like a lobster shell, security has layers — review code before you run it.
