ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Proliant

v1.0.0

Proliant integration. Manage data, records, and automate workflows. Use when the user wants to interact with Proliant data.

0· 49·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Proliant integration) matches the instructions to use Membrane to talk to a Proliant API. One minor inconsistency: the SKILL.md lists entities like 'Matter', 'Invoice', 'Time Entry' which look like a templated/CRM data model rather than HP ProLiant server hardware concepts; this appears to be editorial noise rather than a functional mismatch.
Instruction Scope
All runtime instructions are constrained to installing and using the Membrane CLI and using Membrane's action and request proxy to interact with Proliant. The instructions do not request unrelated file reads, environment variables, or other system credentials. The proxy feature allows arbitrary proxied API calls (expected for an integration) — be aware those proxied requests route through Membrane's service.
Install Mechanism
This is instruction-only (no packaged install). The SKILL.md suggests installing @membranehq/cli via 'npm install -g', which is a normal way to obtain the CLI but carries the usual caveats of installing global npm packages (supply-chain risk if the package or a dependency is compromised). The skill itself does not automatically install software.
Credentials
The skill declares no required environment variables or credentials. It delegates authentication to Membrane and instructs users to use 'membrane login' rather than supplying API keys locally, which is proportionate. Note that account credentials and tokens will be managed server-side by Membrane, so trust in that service matters.
Persistence & Privilege
The skill does not request 'always:true' and uses default autonomous invocation behavior. It does not ask to modify other skills or system-wide settings. No persistence or elevated system privileges are requested by the skill.
Assessment
This skill is instruction-only and uses Membrane's CLI and proxy to talk to Proliant. Before installing or using it: 1) Confirm you trust the @membranehq/cli npm package (check the package on the npm registry and the linked GitHub repo). 2) Understand that authentication is handled server-side by Membrane — your Proliant access will be mediated by Membrane's service, so review its privacy/security posture. 3) Installing global npm packages has supply-chain risk; prefer sandboxed environments if unsure. 4) The SKILL.md contains some templated entity names that don't align perfectly with server hardware domain — consider asking the skill author for clarification if behavior seems unexpected. Overall the skill is internally consistent with its stated purpose, but you should vet the Membrane service and CLI before granting access to sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ae15w09x7kc46vtw9bnyt4s84a4fs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments