Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paragon

v1.0.0

Paragon integration. Manage data, records, and automate workflows. Use when the user wants to interact with Paragon data.

by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
Purpose & Capability
The skill's purpose is to manage Paragon data via the Membrane CLI, but the package metadata lists no required binaries, no install spec, and no primary credential. A Paragon integration that relies on a CLI would normally declare the CLI binary or an install step and the credentials it needs; the absence of these items is disproportionate to the stated purpose.
Instruction Scope (flagged)
The SKILL.md explicitly says it uses the Membrane CLI and requires a Membrane account, but the distributed instructions (as visible) do not declare how authentication state is provided, nor do they declare config paths or environment variables the agent must read. This leaves the runtime behavior vague and grants the agent broad discretion to locate auth (e.g., searching local configs), which is scope creep and increases risk.
Install Mechanism
There is no install spec and no code files—this is an instruction-only skill. That minimizes the risk of arbitrary code being written or executed by an installer, but it increases reliance on preexisting environment setup (which is not documented).
Credentials (flagged)
The skill mentions needing a Membrane account and network access but declares no required environment variables, tokens, or config paths. If the skill expects credentials to be available via the Membrane CLI or stored config files, those access requirements should be declared. The current absence of declared secrets is disproportionate and ambiguous.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (defaults). It does not request persistent/privileged presence; autonomous invocation is allowed (platform default) and does not by itself raise additional concerns.
Scan Findings in Context
[no_code_files_or_regex_findings] expected: The static scanner found no code files to analyze; this is consistent with an instruction-only skill, but it means the SKILL.md is the only surface to inspect. The lack of code files is expected but leaves runtime behavior undocumented.
What to consider before installing
This skill says it uses the Membrane CLI and a Membrane account to access Paragon, but the package metadata does not list the CLI as a required binary, does not include an installer, and does not declare any credentials or config paths. Before installing or enabling it, confirm with the author/source: (1) whether the Membrane CLI is required and, if so, which binary name/version and install steps are needed; (2) where credentials are expected to come from (environment variables, Membrane-managed tokens, or local config files) and whether the skill will read any local config paths; (3) whether the agent will attempt to search your filesystem or environment for auth tokens. If you cannot verify those points, treat the skill as untrusted because it could fail unexpectedly or access local auth state without clear disclosure.


Version: latest · vk978g7aprn9wwj1b95may4k4nx846n0f
