ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mattr

v1.0.0

MATTR integration. Manage data, records, and automate workflows. Use when the user wants to interact with MATTR data.

0· 22·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to integrate with MATTR and in practice uses the Membrane CLI to do so, which is a reasonable design. However, the skill metadata declares no required binaries or config paths while the SKILL.md requires installing and running the `@membranehq/cli` (npm global install). This is an incoherence between declared requirements and actual runtime needs.
Instruction Scope
Instructions are limited to installing the Membrane CLI, logging in, creating a connection, listing/running actions, and using `membrane request` as a proxy to MATTR. They do not ask the agent to read unrelated files or environment variables. However, the proxy feature allows sending arbitrary requests to the MATTR API (or other proxied endpoints) which increases the blast radius if misused or if credentials are mishandled.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md tells users to run `npm install -g @membranehq/cli`. Global npm installs are a moderate-risk install path (downloads code from the npm registry). The skill metadata should have declared the requirement for npm/Node or provided an install spec; the absence is a mismatch.
Credentials
The skill requests no environment variables or credentials and correctly advises not to ask users for API keys. But it requires a Membrane account and CLI login; the SKILL.md does not document where the CLI stores auth tokens or config (local filesystem paths), nor does the metadata declare those config paths. That omission reduces transparency about local artifacts the CLI will create/manage.
Persistence & Privilege
always is false and the skill is instruction-only with no code files. It does not request permanent platform privilege or alter other skills' configuration. Autonomous invocation remains allowed (platform default) but is not combined with other high-risk factors here.
What to consider before installing
Before installing or using this skill: (1) Confirm you trust Membrane (@membranehq) and their CLI package on npm — the skill relies entirely on their service. (2) Ensure you have Node/npm available (SKILL.md requires `npm install -g @membranehq/cli`), even though the skill metadata does not declare this; ask the publisher to update metadata. (3) Be aware the Membrane CLI will perform browser-based login and will persist authentication tokens/config locally (not documented); check where those files are stored and decide if that aligns with your security policies. (4) The `membrane request` proxy can send arbitrary API calls — only use it when you trust the connection and understand what data may be accessible or transmitted. (5) If you require stronger assurance, request that the skill author add explicit required binaries and config-paths to the metadata, and provide an install spec or a vetted release URL for the CLI package.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk96jh5dzzshgqcjns16pkn8485se

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments