ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Storyscale

v1.0.0

StoryScale integration. Manage data, records, and automate workflows. Use when the user wants to interact with StoryScale data.

0· 30·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (StoryScale integration) align with the runtime instructions: the SKILL.md exclusively describes using the Membrane CLI to connect to StoryScale and run/proxy API requests, which is a coherent implementation approach.
Instruction Scope
The instructions stay on-purpose: they tell the user/agent how to install and use the Membrane CLI, login via browser, create a connector, list actions, run actions, and proxy requests. There are no directives to read unrelated files, request unrelated environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
Registry has no formal install spec (lowest platform risk), but the SKILL.md recommends running `npm install -g @membranehq/cli` (and suggests `npx` for ad-hoc calls). This is reasonable for a CLI-based integration but carries the usual npm/global install risks (code execution from the package). Verify the package and vendor before installing globally.
Credentials
The skill declares no required env vars or credentials and explicitly delegates auth to Membrane (browser-based login / server-side token management). Requested access is proportional to the stated purpose.
Persistence & Privilege
No 'always:true' privilege, no platform-level persistence requested. The CLI will likely store its own local config (typical), but the skill does not request system-wide changes or other skills' configs.
Assessment
This skill is coherent and relies on the Membrane CLI to talk to StoryScale. Before using it: (1) confirm you trust the vendor (getmembrane.com) and inspect the @membranehq/cli package/repository on npm/GitHub; (2) prefer running via npx or in a sandbox rather than installing globally if you want to limit exposure; (3) expect a browser-based login flow and that Membrane will manage tokens server-side (so you shouldn't be asked for raw API keys); (4) review Membrane's privacy/security documentation to understand where your StoryScale data and credentials are stored/processed; (5) if you have strict security controls, test the workflow in an isolated environment before granting access on production machines.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dgbtabzgk76z8z57evrtz9984509r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments