ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

The Trade Desk

v1.0.0

The Trade Desk integration. Manage data, records, and automate workflows. Use when the user wants to interact with The Trade Desk data.

0· 47·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md consistently instructs using Membrane to manage The Trade Desk data. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are scoped to installing and using the Membrane CLI (login, create connection, list/run actions, proxy requests). They do not ask the agent to read local files, export unrelated credentials, or contact unexpected endpoints beyond Membrane and The Trade Desk APIs.
Install Mechanism
There is no install spec in the manifest, but SKILL.md instructs the user to run 'npm install -g @membranehq/cli'. Installing a global npm CLI is a reasonable requirement for this skill but carries the usual npm package risks (running third-party code, global install). Using npx or reviewing the package before global install are reasonable mitigations.
Credentials
The skill requests no environment variables or local credentials and explicitly recommends letting Membrane manage auth. Requiring a Membrane account and network access is proportionate to the described integration.
Persistence & Privilege
The skill is not always-included, does not request elevated platform privileges, and is instruction-only. The only persistence/privilege effect is installing the Membrane CLI if the user chooses to follow the instructions.
Assessment
This skill is coherent: it delegates auth and API calls to the Membrane service and asks you to install the official Membrane CLI. Before installing or using it: verify you trust getmembrane.com/@membranehq and the npm package, consider using 'npx @membranehq/cli' instead of a global install, review the CLI package source or checksum if you have security concerns, and be aware that authorizing a Membrane connection grants Membrane (and any agent using this skill) the ability to act on The Trade Desk data for the connected account. If you want to limit risk, avoid granting broad agent autonomy or limit the account/permissions used for connections.

Like a lobster shell, security has layers — review code before you run it.

latestvk97an84xeemxdyrzfztj8mph6d84er2k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments