ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Victorops

v1.0.0

VictorOps integration. Manage data, records, and automate workflows. Use when the user wants to interact with VictorOps data.

0· 41·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is an integration for VictorOps and all runtime instructions ask the user to install and use the @membranehq/cli to connect to VictorOps. Requesting a Membrane account and using its connector model is coherent with the described purpose.
Instruction Scope
SKILL.md stays on-topic: it instructs installing the Membrane CLI, logging in, creating connections, listing actions, running actions, and proxying requests via Membrane. It does not instruct reading arbitrary local files, exporting unrelated environment variables, or contacting unexpected third parties. Note: proxying means request payloads and responses will flow through Membrane's service (so review what data you send).
Install Mechanism
This is an instruction-only skill (no automated install), which is low-risk. The doc tells users to run `npm install -g @membranehq/cli`; installing a global npm package is a reasonable manual step but carries the usual supply-chain considerations for npm packages (verify the package name, publisher, and its authenticity).
Credentials
The skill declares no required environment variables or credentials. Authentication is handled interactively by the Membrane CLI and the Membrane service, which is proportionate to the stated integration purpose.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request to modify other skills or system-wide settings. No elevated or persistent privileges are requested by the skill manifest.
Assessment
This skill is coherent with its description, but before installing or using it: (1) confirm you're comfortable routing VictorOps requests through Membrane — request and response data will pass through their service; (2) verify the npm package name and publisher (@membranehq/cli) before installing to avoid typosquatting; (3) run actions and proxy requests with care (review input JSON and headers) so you don't send sensitive data inadvertently; and (4) use least-privilege accounts/connections in Membrane and review Membrane's privacy/security documentation if you handle regulated or sensitive incident data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e3k103gbgcdknydmrd567gs84hx6p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments