ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Precoro

v1.0.0

Precoro integration. Manage data, records, and automate workflows. Use when the user wants to interact with Precoro data.

0· 48·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description say this is a Precoro integration. The SKILL.md explicitly states it "Requires network access and a valid Membrane account," which implies authenticated API access. Yet the skill metadata lists no required environment variables, no primary credential, and no config paths. That is inconsistent: a connector normally needs an API key/token or at least a documented auth flow.
Instruction Scope
This is an instruction-only skill (SKILL.md) that appears to describe supported Precoro entities. The provided excerpt does not show concrete runtime commands, file reads, or credential-handling steps, but it is vague about how credentials are supplied and what external endpoints are contacted (mentions membrane/getmembrane). The lack of explicit runtime instructions for authentication or endpoints is ambiguous and grants the implementer wide discretion.
Install Mechanism
No install spec and no code files are present, so nothing will be written to disk during install. Instruction-only skills are lower-risk from an install perspective.
!
Credentials
The SKILL.md declares a requirement for a Membrane account but the skill metadata does not request any credentials (API key, token, or primaryEnv). Either the skill expects interactive credential entry or hidden/undocumented env vars — both are disproportionate and unclear. This is the primary incoherence.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and has no install hooks or self-modifying behavior described. There is no evidence it requests elevated or persistent system privileges.
What to consider before installing
This skill claims it needs a Membrane account and network access to work but the registry metadata doesn't declare any required credentials or install steps. That mismatch is a red flag: before installing, ask the publisher how authentication is handled (what exact secret or OAuth flow is required), whether the skill will prompt you to paste credentials into chat, and which endpoints it will call. If you need to use it, prefer creating least-privileged API credentials with tight scopes and audit network activity. If the publisher can't clearly explain the auth flow or supply a public repo/manifest showing safe behavior, treat this skill with caution or avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788k4awq6412xds45dzbpcz984ea79

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments