Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fanout
v1.0.0
Fanout integration. Manage data, records, and automate workflows. Use when the user wants to interact with Fanout data.
by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md clearly targets Fanout via the Membrane platform and instructs use of the @membranehq/cli. However, the skill metadata declares no required binaries or primary credential even though the instructions require the 'membrane' CLI to be present (or installed). That missing declaration is an incoherence between claimed requirements and runtime instructions.
Instruction Scope
The runtime instructions stay on-purpose: they explain installing the Membrane CLI, logging in, creating/inspecting connections, listing and running actions, and proxying requests to Fanout. They do not ask the agent to read unrelated files, harvest secrets, or exfiltrate data to unexpected endpoints. The instructions explicitly recommend letting Membrane manage credentials rather than asking users for API keys.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs users to run 'npm install -g @membranehq/cli' (and uses 'npx' in examples). Installing a global npm package is a reasonable, common approach for CLI tools but carries the usual third-party package risk. Because the skill is instruction-only, the platform won't auto-install anything — the user/agent must run these commands. The package is an npm-scoped package (@membranehq), which is a lower-risk source than an arbitrary URL, but verify the package and publisher before installing globally.
Credentials
The skill requests no environment variables or credentials in metadata; the documentation states Membrane handles auth and advises not to ask users for API keys. That is proportionate for a connector that delegates auth to a platform. There is no evidence the skill tries to access unrelated credentials or system config.
Persistence & Privilege
The skill does not request persistent presence (always: false), does not declare system config paths, and does not attempt to modify other skills. Autonomous invocation remains allowed by platform default, which is normal.
What to consider before installing
What to consider before installing/using this skill:
- Inconsistency to note: the skill metadata does not declare any required binaries, but the SKILL.md requires the 'membrane' CLI. Expect to install the Membrane CLI (or use npx) before you can use this skill.
- Verify the CLI package: check the @membranehq/cli package on npm and the referenced GitHub repo (https://github.com/membranedev/application-skills) to ensure the publisher and source look legitimate before running a global npm install.
- Prefer npx or a local install over 'npm install -g' if you want to avoid adding a global binary.
- Be aware the CLI will open a browser for authentication (or print a URL/code for headless environments). This means you will authenticate an account that grants Membrane access to your Fanout data; review permissions and what Membrane will be authorized to do.
- Because this is instruction-only, the platform won't automatically install the CLI — the commands in the README only run if you (or an agent you allow) execute them. If you are concerned about autonomous agent actions, consider disabling autonomous invocation for skills or require explicit approval when the agent attempts to run system commands.
If you want to proceed, confirm the Membrane CLI package and repository are legitimate and that you are comfortable granting Membrane the connection/auth access it requires.
Like a lobster shell, security has layers — review code before you run it.
latest vk97bymp7f08kk8arhvgdvyf1b18472v5
