ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hypeauditor

v1.0.1

HypeAuditor integration. Manage data, records, and automate workflows. Use when the user wants to interact with HypeAuditor data.

0· 47·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (HypeAuditor integration) match the instructions: all runtime steps use the Membrane CLI to discover connectors, create connections, run actions, and proxy requests to HypeAuditor. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md limits runtime actions to installing/using the Membrane CLI, logging in, creating/using connections, listing actions, running actions, and proxying requests. It does not instruct the agent to read unrelated files, harvest environment variables, or send data to endpoints outside Membrane/HypeAuditor.
Install Mechanism
There is no automated install spec; the doc instructs users to globally install @membranehq/cli via npm (a manual instruction). Instruction-only status lowers risk, but global npm installs run remote code and should be done deliberately by the user. The skill itself does not download or write code.
Credentials
The skill declares no required env vars or credentials and explicitly advises against asking users for API keys. It does require a Membrane account and browser-based authentication, which implies tokens and connection state are managed by Membrane (server-side or via its CLI), so users should understand that Membrane will handle the auth lifecycle.
Persistence & Privilege
The skill does not request always:true, nor does it modify other skills or require system-wide config paths. Autonomous invocation is allowed by default but not combined with elevated persistence or broad credential requests.
Assessment
This skill is instruction-only and delegates HypeAuditor access to the Membrane service/CLI. Before using it: (1) verify you trust Membrane (https://getmembrane.com and the linked repository) because authentication and proxying go through their infrastructure; (2) be willing to install the Membrane CLI with npm if you want to run commands locally (global npm installs execute remote code); (3) expect a browser-based login flow and that Membrane will manage tokens/server-side; (4) do not provide HypeAuditor API keys directly — follow the connection workflow instead. If you need stricter control over credentials or don't want third-party proxying, do not install/use this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aybyd0314rh9c4vc9m2pt6984gp2f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments