ClawHub

Detectify

v1.0.2

Detectify integration. Manage Organizations. Use when the user wants to interact with Detectify data.

0· 107·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description claim Detectify integration and the instructions consistently show how to access Detectify via the Membrane CLI (creating connections, running actions, proxying requests). No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md stays on-topic: it tells the agent/user to install the Membrane CLI, authenticate via browser, create a Detectify connection, list/run actions, or proxy requests. It does not instruct reading arbitrary files, environment variables, or sending data outside the Membrane/Detectify flow.
Install Mechanism
There is no formal install spec in the manifest, but the runtime instructions tell users to run `npm install -g @membranehq/cli`. Global npm installs run arbitrary code and write to disk; this is expected for a CLI integration but users should verify the npm package source and trustworthiness before installing.
Credentials
The skill declares no required env vars or credentials. It explicitly recommends using Membrane-managed connections (no local API keys). The need for a Membrane account is proportional to the stated purpose.
Persistence & Privilege
The skill is not force-included (always:false) and does not request persistent system-wide privileges. It does not instruct modifying other skills or global agent settings.
Assessment
This skill looks coherent but you should: 1) Verify the @membranehq/cli package on npm (publisher, download counts, repo) before running a global install; global npm installs execute code on your machine. 2) Understand that Membrane will hold/manage Detectify credentials server-side — only proceed if you trust that service (check getmembrane.com, the GitHub repository referenced in SKILL.md, and the Membrane privacy/security docs). 3) When using `membrane request` be cautious about proxying arbitrary endpoints or sending sensitive input. 4) Because the skill is instruction-only, no code was scanned here — if you need higher assurance, ask the publisher for a signed/manifests-backed release or a vetted package source before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97epsy9hj0qem0grnf3vdb7rx843esh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments