Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Desktime
v1.0.0DeskTime integration. Manage Users, Organizations, Projects, Tasks, Reports, Absences. Use when the user wants to interact with DeskTime data.
⭐ 0· 94·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to be a DeskTime integration and that matches the instructions (it drives DeskTime via Membrane). However the metadata lists no required binaries, env vars, or config paths while the SKILL.md clearly expects npx (Node/npm) and a Membrane account. The skill also relies on a credentials file (~/.membrane/credentials.json) and browser-based login flow that are not declared in the registry metadata.
Instruction Scope
Runtime instructions tell the agent to run npx @membranehq/cli@latest commands, create connections, list actions, proxy arbitrary HTTP requests through Membrane, and rely on credentials stored at ~/.membrane/credentials.json. These are generally within the DeskTime-integration purpose, but they require accessing a local credentials file and executing network-fetched CLI code. The SKILL.md does not instruct the agent to read unrelated system files, but it does permit proxying full URLs via Membrane (which could be used to send arbitrary requests).
Install Mechanism
There is no install spec (instruction-only), but the instructions rely on npx to fetch and run @membranehq/cli@latest from the npm registry at runtime. That is a live network fetch/execute step (moderate risk). The registry metadata did not declare the need for Node/npm or npx, so the required runtime fetch is not reflected in the metadata.
Credentials
The skill declares no required environment variables or primary credential, yet the SKILL.md requires a valid Membrane account and produces/stores credentials at ~/.membrane/credentials.json. The implicit request for a Membrane account and the local credential file is not represented in requires.env or required config paths. The skill does not request unrelated external credentials, but the undisclosed storage path and account requirement are disproportionate to the metadata claims.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It does rely on persistent credentials saved to ~/.membrane/credentials.json (Membrane-managed), which is a normal behavior for a CLI-based integration. Note: autonomous invocation (disable-model-invocation:false) is allowed by default—combine that with the networked CLI if you are concerned about automated remote activity.
What to consider before installing
This skill appears to implement a DeskTime integration by instructing the agent to use the Membrane CLI, but the registry metadata omits important runtime requirements. Before installing or enabling it: 1) Understand that the skill expects Node/npm (npx) and will download and execute @membranehq/cli@latest at runtime — review the Membrane CLI source or trustworthiness before allowing that. 2) The skill requires a Membrane account and stores credentials in ~/.membrane/credentials.json; verify you are comfortable granting Membrane that access and that the account has minimal privileges. 3) Because the SKILL.md allows proxying arbitrary URLs via Membrane, be careful about what data you send through it and avoid giving the agent broad autonomous rights if you cannot audit requests. 4) The skill's source and homepage are unknown — treat that as an extra risk factor; consider testing in a sandbox environment or asking the publisher to declare required binaries/env/config paths and to provide a homepage or source repository before trusting it.Like a lobster shell, security has layers — review code before you run it.
latestvk9711v5r6fxa1gyxrs3t15f9jh84gr4a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.