Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tonic

v1.0.0

Tonic integration. Manage data, records, and automate workflows. Use when the user wants to interact with Tonic data.

by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill is presented as a Tonic integration and the SKILL.md consistently instructs the agent to use the Membrane CLI to discover and run Tonic-related actions or proxy requests to the Tonic API. Required pieces (CLI, network, Membrane account) are coherent with this purpose.
Instruction Scope
Instructions are focused on installing and using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests. These are within the stated scope. Note: the skill instructs installing a global npm package and performing browser-based authentication; it also encourages using Membrane as the data proxy, which means Tonic traffic and credentials are handled by Membrane rather than local config — this is expected but important for trust considerations.
Install Mechanism
There is no embedded install spec in the bundle, but SKILL.md instructs users to run 'npm install -g @membranehq/cli' (and suggests using npx for some commands). Using an official npm package is a common pattern, but global npm installs execute third-party code on the host and carry the usual supply-chain risks. The instruction does not use obscure URLs or installers.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md explicitly recommends not asking users for API keys and relying on Membrane-managed connections, so environment/credential requests are proportional and minimal.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. It does not request persistent privileges, modify other skills, or require system-wide configuration beyond the suggested CLI install.
Assessment
This skill appears to do what it says: it uses the Membrane CLI to interact with Tonic. Before installing or using it:
(1) Be prepared to install a third-party npm CLI globally (or use npx). Global installs run code on your machine; consider installing in an isolated environment or verifying the package repository.
(2) Using the skill routes requests and auth through Membrane (getmembrane.com), so you must trust that service with session/auth data and any proxied payloads.
(3) The skill does not ask for local secrets or env vars, but when authenticating you will complete a browser-based login that grants Membrane access to Tonic on your behalf.
(4) If you need stricter controls, run the CLI in a container, inspect the @membranehq/cli package source, or prefer ephemeral npx usage instead of a global install.

Like a lobster shell, security has layers — review code before you run it.
