ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mojotxt

v1.0.2

MojoTxt integration. Manage Persons, Organizations, Deals, Leads, Projects, Activities and more. Use when the user wants to interact with MojoTxt data.

0· 111·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (MojoTxt integration) match the runtime instructions: all actions are about discovering/connecting to a MojoTxt connector and proxying requests via the Membrane CLI. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
SKILL.md confines the agent to installing and using the Membrane CLI, running its discovery/connect/action commands, and proxying API calls to MojoTxt. It does not instruct reading arbitrary files, secrets, or system paths beyond standard CLI use; authentication is browser-based and handled by Membrane.
Install Mechanism
The skill is instruction-only (no bundled install), but directs users to install/run @membranehq/cli via npm or npx. Installing or running third-party npm packages (global install or npx) executes code from the registry — a normal but moderately risky operation. Verify the package publisher/repo before installing and prefer running in a controlled environment if unsure.
Credentials
No environment variables or credentials are required by the skill. SKILL.md explicitly advises using Membrane to avoid asking users for API keys; credential handling is delegated to Membrane's server-side connections, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and has no code or install that would persist on the agent. Autonomous invocation is allowed (platform default) but there are no additional privileged settings or system-wide modifications requested.
Assessment
This skill is coherent: it tells the agent to use Membrane's CLI to interact with MojoTxt rather than directly storing API keys. Before installing/running anything, verify the @membranehq/cli npm package and its GitHub repository match the vendor you expect. Installing global npm packages or using npx runs third-party code — consider running the CLI in an isolated environment (VM/container) if you have low trust. Understand that Membrane will manage and proxy credentials server-side, so review Membrane's privacy/security policies if you want control over where your MojoTxt credentials are stored.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cz3awcnw8x994884rwz8pnd842z0w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments