ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Flanks

v1.0.0

Flanks integration. Manage data, records, and automate workflows. Use when the user wants to interact with Flanks data.

0· 44·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Flanks integration) align with the instructions: all actions are performed via the Membrane CLI/proxy to interact with Flanks. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
SKILL.md only instructs installing/using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to Flanks. It does not ask the agent to read unrelated files, harvest environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
The install guidance recommends npm install -g @membranehq/cli or using npx. Using npm is expected for a CLI distributed via npm; no arbitrary downloads or extract steps are suggested. This is moderate-risk but proportionate and expected for the stated purpose.
Credentials
The skill declares no required env vars, no credentials, and explicitly advises letting Membrane manage auth rather than asking users for API keys. The requested access (a Membrane account) is proportionate to interacting with Flanks via Membrane.
Persistence & Privilege
always is false and the skill is user-invocable with normal agent invocation allowed. The skill does not request persistent system privileges or modify other skills. Its runtime actions are limited to invoking the Membrane CLI and using network access.
Assessment
This skill is instruction-only and uses the Membrane CLI to talk to Flanks, which is coherent for the stated purpose. Before installing: (1) confirm you trust the @membranehq/cli package and the Membrane service (review their docs, npm page, and GitHub repo); (2) prefer npx or a per-user install if you don't want a global npm package; (3) be aware Membrane will handle auth and proxy requests to Flanks—that means credentials are managed server-side by Membrane, so review their privacy/security docs; (4) run CLI installs in an environment you control (or isolated container) if you have strict supply-chain concerns. Overall the skill appears internally consistent and not requesting disproportionate access.

Like a lobster shell, security has layers — review code before you run it.

latestvk978sxrpxv87ydqz1v764z9nrs84afn7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments