Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Envoy

v1.0.2

Envoy integration. Manage Persons, Organizations, Deals, Leads, Projects, Activities and more. Use when the user wants to interact with Envoy data.

by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes interacting with Envoy (visitor/employee/reservations) via the Membrane CLI, which is consistent. However the skill's short description at the top mentions 'Persons, Organizations, Deals, Leads, Projects, Activities' (CRM-like entities) that do not appear in the runtime instructions or action list. This naming/description mismatch is incoherent and could indicate sloppy metadata or mislabeling.
Instruction Scope
All runtime instructions are limited to using the Membrane CLI (install, login, connect, action run, and request proxy). That stays within the stated integration purpose, but the instructions explicitly route API calls through Membrane's proxy — meaning requests and request payloads will pass through a third-party service. The skill does not instruct reading unrelated local files or environment variables.
Install Mechanism
There is no registry install spec, but the SKILL.md tells users to run `npm install -g @membranehq/cli` (a public npm package). Installing a global CLI from npm is a moderate-risk action (it executes third-party code on the user's system). The package source appears to be a public npm package and GitHub repo, not an unknown URL or arbitrary binary.
Credentials
The skill declares no required environment variables or credentials. It relies on Membrane to manage authentication server-side, which is consistent with the instructions. The only external requirement is a Membrane account and network access.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges, and is user-invocable. It does not ask to modify other skills or system-wide configs in the instructions.
What to consider before installing
This skill appears to be a Membrane-backed Envoy integration and requires installing the @membranehq/cli and a Membrane account. Before installing: (1) note the metadata mismatch — the short description mentions CRM-like entities that are not referenced in the instructions; confirm with the author which Envoy this targets (visitor-management Envoy vs. Envoy proxy) if that matters to you; (2) review the @membranehq/cli package and its GitHub repo before running a global npm install; (3) understand that API traffic and payloads will be proxied through Membrane (a third party), so review privacy/permissions and consider using a test account or least-privilege connection; (4) if you prefer not to route data through a third party or to avoid installing global CLIs, do not install this skill. If you need higher confidence, ask the maintainer to correct the description and provide an explicit pointer to the exact connector ID/repository and the npm package checksum or source code link.

Like a lobster shell, security has layers — review code before you run it.
