Orbit
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Orbit is mostly a normal Membrane-based integration, but it documents a broad authenticated proxy that can use mutating HTTP methods and full URLs, so users should review its scope before use.
Use this only if you are comfortable authenticating through Membrane and storing Membrane credentials locally. Prefer listed/prebuilt actions, and ask the agent to get confirmation before any raw proxy request that writes, deletes, uses custom headers, or sends a full URL.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could change or delete Orbit data, or make a proxy request to an unintended endpoint.
The skill exposes a raw authenticated proxy with mutating methods and full-URL support, which is broader than scoped prebuilt Orbit actions and lacks explicit confirmation or domain-bounding guidance.
Common options: ... HTTP method (GET, POST, PUT, PATCH, DELETE) ... You can also pass a full URL instead of a relative path — Membrane will use it as-is.
Prefer prebuilt Membrane actions, use relative Orbit API paths where possible, and require explicit user confirmation before POST, PUT, PATCH, DELETE, custom-header, or full-URL proxy requests.
Anyone or any process with access to that local credential file may be able to reuse the Membrane session for connected services.
The skill relies on persistent Membrane credentials to access Orbit, which is expected for the integration but gives future commands reusable account authority.
After login, credentials are stored in `~/.membrane/credentials.json` and reused for all future commands.
Install only on trusted machines, protect the `~/.membrane` directory, and revoke or remove credentials when no longer needed.
Behavior may change when the external CLI package changes, and compromise of that package could affect users running the command.
The skill runs the latest published version of an external npm CLI rather than a pinned reviewed version. This is central to the stated purpose, but users depend on the current package supply chain.
This skill uses the Membrane CLI (`npx @membranehq/cli@latest`) to interact with Orbit.
Consider pinning the CLI version, documenting package provenance, or reviewing the CLI before first use.
Users may underestimate the sensitivity of the local Membrane credential file.
The wording could be read as saying no credentials are stored locally, even though Membrane login credentials are persisted locally; this distinction matters for user trust.
credentials are stored in `~/.membrane/credentials.json` ... Membrane manages the full Auth lifecycle server-side with no local secrets.
Clarify that Orbit app tokens may be managed server-side, but Membrane session credentials are stored locally and should be protected.
