Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Perspectium
v1.0.0
Perspectium integration. Manage data, records, and automate workflows. Use when the user wants to interact with Perspectium data.
by Membrane Dev (@membranedev)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes interacting with Perspectium via the Membrane CLI and does not request unrelated env vars, binaries, or system paths. Asking the user to install @membranehq/cli and to authenticate with Membrane is appropriate for a Membrane-backed Perspectium integration.
Instruction Scope
All runtime instructions are limited to installing/using the Membrane CLI (login, listing/connecting, running actions, and proxying requests). The skill suggests using the Membrane proxy to make arbitrary API requests to Perspectium endpoints — this is expected for a proxy-based integration but means the CLI/connection will be able to perform any actions permitted by the created Membrane connection.
Install Mechanism
There is no embedded install spec; the README asks the user to run npm install -g @membranehq/cli or use npx. This is a normal approach for a CLI, but using npx/@latest fetches code from the npm registry at runtime (dynamic code). Consider pinning a version or verifying the package source before installing.
Credentials
The skill does not request environment variables, credentials, or config paths. The SKILL.md explicitly advises against collecting API keys and directs users to create Membrane connections instead, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only, has no installs that would force persistent presence, and is not configured as always:true. It does not request modification of other skills or system-wide settings.
Assessment
This skill is a set of instructions telling the agent to use the official Membrane CLI to interact with Perspectium — it does not embed code or request secrets. Before installing or running commands:
1) verify the @membranehq/cli package and the Membrane service (getmembrane.com / the GitHub repo) are trustworthy for your environment;
2) prefer installing a pinned CLI version instead of npx @latest to avoid pulling unexpected changes;
3) be aware that any Membrane connection you create grants the CLI/proxy the permissions of that connection (only grant the minimum needed); and
4) avoid pasting sensitive local secrets into commands — the skill explicitly recommends using Membrane to manage auth rather than exchanging raw API keys.
Like a lobster shell, security has layers — review code before you run it.
latest vk97fen7ww0pqcgq8spmskvpd9s84f2xr
