Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Open Accounting
v1.0.0
Open Accounting integration. Manage data, records, and automate workflows. Use when the user wants to interact with Open Accounting data.
by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The SKILL.md describes using the Membrane CLI to access Open Accounting and proxy API requests, which matches the skill name and description. However, the registry metadata declares no required binaries while the instructions explicitly require the Membrane CLI (membrane). That mismatch is an incoherence: the skill should have declared the CLI as a required binary or included an install spec.
Instruction Scope
Runtime instructions stay on-topic: they only cover installing/using the Membrane CLI, creating connections, listing/running actions, and proxying requests to the Open Accounting API. The instructions do not ask the agent to read unrelated files or exfiltrate local secrets. They do, however, allow sending arbitrary proxied requests through Membrane (expected for this integration) so you must trust Membrane's behavior and the connector.
Install Mechanism
There is no install spec in the registry, but SKILL.md tells users to run `npm install -g @membranehq/cli` (or use npx). Installing a public npm CLI is a common, acceptable step, but global npm installs execute code from the npm registry and thus carry moderate risk. The missing formal install spec in the metadata is a discrepancy worth noting.
Credentials
The skill declares no required environment variables or credentials and explicitly instructs not to ask users for API keys, relying on Membrane for auth. That is proportionate for the stated purpose. There are no requests for unrelated credentials or config paths.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or claim to modify other skills. It relies on the Membrane CLI and user-driven connection flows; autonomous invocation is allowed by default but not combined with other high-risk indicators here.
What to consider before installing
This skill appears to legitimately teach the agent how to use Membrane to work with Open Accounting, but there are a few practical cautions:
1) The skill forgot to declare that it requires the Membrane CLI in the metadata — ask the publisher to add that or confirm before installing.
2) The SKILL.md recommends `npm install -g @membranehq/cli`; prefer using `npx @membranehq/cli` or review the npm package (publisher, checksum, and version) before doing a global install because npm packages run code during install.
3) The integration proxies arbitrary requests through Membrane — you must trust Membrane and the connector to handle your accounting data correctly (review Membrane's privacy/security documentation).
4) If you need stronger assurance, request a verifiable source (a repository tag or signed release) and an install spec in the registry so automated checks can validate the CLI and any install steps.
Like a lobster shell, security has layers — review code before you run it.
latest vk97b54rvhmvqmfmw9zwq853bkx84bkzd
