Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Specify
v1.0.0
Specify integration. Manage data, records, and automate workflows. Use when the user wants to interact with Specify data.
by Membrane Dev @membranedev
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Specify integration) match the runtime instructions: all actions described use the Membrane CLI to discover connectors, create a connection to Specify, run pre-built actions, or proxy raw requests to the Specify API. There are no unrelated requirements or hidden capabilities in the SKILL.md.
Instruction Scope
Instructions stay within the stated purpose (install Membrane CLI, login, connect to Specify, list/run actions, proxy requests). However the Membrane proxy will see proxied requests and credentials — the user must trust Membrane with request payloads and tokens. The skill also asks the user to install and run a third-party CLI and to open browser OAuth flows; these are expected but are privacy surface area to consider.
Install Mechanism
This is an instruction-only skill (no install spec). SKILL.md recommends installing @membranehq/cli via npm -g or using npx. Installing a global npm package is a moderate supply-chain risk compared with no install; using npx or pinning a specific release reduces risk. There is no direct download from unknown hosts in the skill bundle itself.
Credentials
The skill requests no environment variables or local secrets and explicitly instructs not to ask users for API keys (Membrane manages auth). That is proportionate to the stated purpose, but it shifts credential custody to Membrane — meaning Membrane (the remote service) will hold and refresh tokens and will see proxied API traffic.
Persistence & Privilege
Flags are normal: always:false and disable-model-invocation:false (agent may call the skill autonomously, which is expected). The skill does not request persistent system privileges or modify other skills. Users should still be aware that an agent with access to a Membrane connection can run actions on their behalf.
Assessment
This skill is coherent for interacting with Specify via Membrane, but before installing or using it you should: 1) verify and trust the @membranehq/cli package on npm (check the package page, repository, and recent activity); 2) prefer npx or pin a known-good version instead of npm -g if you want to avoid a global install; 3) understand that Membrane will hold tokens and see proxied requests — review Membrane's privacy/security docs and consider whether that is acceptable for your data; 4) when using the skill in an automated agent, limit which connections/actions the agent can run and audit activity in your Membrane account; 5) avoid running in highly sensitive environments without first auditing the CLI code or using a vetted deployment; and 6) if you need higher assurance, request the skill author provide a signed release or a repository commit link to the exact CLI version referenced. I have medium confidence because this is an instruction-only skill (no code to inspect) and the npm-hosted CLI and remote Membrane service were not audited here.
Like a lobster shell, security has layers — review code before you run it.
latestvk973yz8kfpp5sw1q88wev4xzpx84etg8
