ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

XferOps Forge

v1.0.5

Manage projects and tasks with the Forge project management API via MCP. Use when creating, updating, or searching tasks/tickets, managing projects and colum...

0· 400·0 current·0 all-time
byxferops@parker-xferops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The split into three sub-skills (dev workflow, board admin, setup) aligns with the stated goal of managing projects/tasks via a Forge MCP. The listed forge_* commands and workflows are coherent with the description.
Instruction Scope
SKILL.md instructs the agent/operator to install an MCP adapter (npx -y @xferops/forge-mcp) and to add FORGE_URL and FORGE_TOKEN to ~/.mcporter/mcporter.json so the MCP can call the Forge API. The instructions do not ask the agent to read arbitrary unrelated files or exfiltrate data, but they do direct writing a client config file in the user's home and rely on an API token that will permit remote actions.
!
Install Mechanism
There is no registry install spec, but the setup instructions tell the operator to run 'npx -y @xferops/forge-mcp'. npx will fetch and execute code from the npm registry at runtime. That is a moderate-to-high risk action if the package origin is not verified; the SKILL metadata provides no homepage or source to validate the package.
!
Credentials
The skill metadata declares no required env vars or primary credential, but the setup instructions explicitly require FORGE_URL and FORGE_TOKEN (with legacy FLOWER_* fallbacks). This is a direct mismatch: the skill will not function without an API token, so the absence of declared credentials in metadata is misleading and hides a high-value secret requirement.
Persistence & Privilege
always:false and no special OS restrictions — normal. However, if the MCP is configured with a FORGE_TOKEN and the agent is allowed autonomous invocation, the skill (when invoked) could perform remote operations using that token. This is not inherently malicious but increases the sensitivity of the undisclosed credential.
What to consider before installing
Proceed cautiously. The skill's behavior is mostly coherent with its description, but it requires you to install an npm package via npx and to add FORGE_URL/FORGE_TOKEN to your MCP client config even though the registry metadata declares no credentials — this is a mismatch you should resolve before installing. Before using: 1) Verify the @xferops/forge-mcp package and the domain (forge.xferops.dev) are legitimate and come from an expected maintainer (check npm page, repository, and package signing if available). 2) Create a scoped, least-privilege API token in Forge (rotate/delete it if you later remove the skill). 3) Consider running the npx install in an isolated environment (or inspect the package contents) rather than running it on a production host. 4) Update or ask the publisher to update registry metadata to declare required env vars (FORGE_URL/FORGE_TOKEN) so the credential requirement is explicit. If you cannot verify the package/source, do not install or provide a long-lived token.

Like a lobster shell, security has layers — review code before you run it.

latestvk975rnpkttxnd6ek9v4dfm3yfn833yah

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments