ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jobscore

v1.0.0

JobScore integration. Manage data, records, and automate workflows. Use when the user wants to interact with JobScore data.

0· 50·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match an integration for JobScore and the SKILL.md instructs the agent to use the Membrane CLI to talk to JobScore, which is coherent. However the 'Official docs' link points to iCIMS (developer.icims.com), which is a different ATS and appears to be a copy-paste or documentation error — minor inconsistency that should be confirmed.
Instruction Scope
The instructions stay within the claimed purpose: install Membrane CLI, log in, create/connect a JobScore connection, list/run actions, and optionally proxy raw JobScore API calls through Membrane. The proxy capability lets Membrane see and send arbitrary API requests on your behalf — expected for this integration but important to note.
Install Mechanism
This is an instruction-only skill (no install spec). It tells the user to install @membranehq/cli via npm (or use npx). That is a reasonable, low-risk instruction, but the skill will rely on an external CLI and networked service; confirm you trust the Membrane package and account.
!
Credentials
The skill requests no local environment variables or secrets, which is consistent. However it delegates authentication and credential storage to the Membrane service (server-side). That centralization is reasonable for convenience but implies Membrane will hold tokens/credentials and be able to access JobScore data — make sure you trust that service and review its privacy/security practices before granting access.
Persistence & Privilege
No 'always: true' or elevated persistence is requested. The skill is user-invocable and normal autonomous invocation is allowed by default; nothing unusual here.
What to consider before installing
This skill delegates JobScore access to the third-party Membrane service via its CLI. Before installing or using it: (1) verify that @membranehq/cli is the official package and comes from a trusted source; (2) confirm you are comfortable that Membrane will hold and proxy your JobScore credentials and API requests (check their privacy/security docs); (3) note the SKILL.md's 'Official docs' link points to iCIMS — ask the publisher to correct that to JobScore docs to remove ambiguity; (4) test with a sandbox or least-privilege JobScore account first rather than production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk978spvznk1cmtfn6t6ac7b01d84dtj2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments