Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hydrogen
v1.0.2
Hydrogen integration. Manage data, records, and automate workflows. Use when the user wants to interact with Hydrogen data.
by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is named 'Hydrogen' and claims to integrate with Hydrogen data, and the instructions show how to use Membrane CLI to connect and proxy requests to a Hydrogen API. However the SKILL.md also incorrectly describes Hydrogen as a local music production app (the drum machine) while linking to Shopify Hydrogen docs — this naming/documentation mismatch is incoherent and could confuse users about which service is targeted. Requiring the Membrane CLI is plausible for a Membrane-based integration, but the mixed references are a red flag that the documentation was copied or misedited.
Instruction Scope
Instructions ask the agent/user to install and run the @membranehq/cli, perform login (interactive or headless), create connections, list actions, run actions, and use 'membrane request' to proxy arbitrary HTTP endpoints. These actions stay within the scope of a Membrane connector integration, but the 'proxy arbitrary requests' capability can be powerful — it allows sending arbitrary requests to the connected service on behalf of the user, so users should be careful which connection they authorize and what paths are requested.
Install Mechanism
There is no install spec in the registry (instruction-only), but the SKILL.md tells users to run 'npm install -g @membranehq/cli' and also shows 'npx @membranehq/cli'. Installing a public npm CLI is expected for this integration, but installing global npm packages has moderate risk: verify the package exists on npm, its maintainers, and prefer 'npx' or local installs if you want to limit system-wide changes.
Credentials
The skill declares no required environment variables or secrets and explicitly advises against asking users for API keys, recommending creating a Membrane connection instead. That is proportionate. Note that authorizing a Membrane connection will give the Membrane service access to the user's Hydrogen account data, so credential handling is relocated to Membrane rather than local env vars.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It is instruction-only and relies on the Membrane CLI for auth; normal autonomous invocation is allowed by default but is not combined with other alarming privileges here.
What to consider before installing
This skill appears to be a Membrane-based connector for a service called 'Hydrogen', but the documentation contains conflicting references (a local music app vs Shopify Hydrogen docs). Before installing or running any commands:
- Confirm which 'Hydrogen' service this skill targets (Shopify storefront, a different API, or the music app). The mixed docs suggest a copy/paste error.
- Inspect the @membranehq/cli package on npm (or use npx) and verify the publisher and repository before installing globally.
- Understand that creating a Membrane connection grants Membrane access to the connected account; only authorize accounts you trust and review what actions the connector exposes (use 'membrane action list' first).
- Be cautious using 'membrane request' to proxy arbitrary endpoints — avoid executing requests you don't understand, as they act with the connection's privileges.
- If you need higher assurance, ask the skill author for clarification or a corrected SKILL.md that consistently identifies the target API and expected capabilities.
