ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fatture In Cloud

v1.0.0

Fatture in Cloud integration. Manage data, records, and automate workflows. Use when the user wants to interact with Fatture in Cloud data.

0· 17·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Fatture in Cloud integration) matches the instructions: all runtime steps use the Membrane CLI to discover and run actions or proxy requests to the Fatture in Cloud API. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md confines actions to installing/using the Membrane CLI, creating a Membrane connection, listing actions, running actions, and proxying requests to the Fatture in Cloud API. It does not instruct reading unrelated system files, environment variables, or posting data to unknown endpoints. The proxy capability can send arbitrary requests to the Fatture in Cloud API (expected for this use case).
Install Mechanism
There is no formal install spec in the registry, but the instructions tell the user to install @membranehq/cli via npm -g. Installing a global npm package is a normal mechanism but does execute third‑party code from the npm registry; this is expected but worth validating (see guidance).
Credentials
The skill declares no environment variables or credentials. It explicitly instructs not to ask users for API keys and relies on Membrane to manage auth server-side. Requesting a Membrane account and network access is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill has no install-time code or config that would give it persistent system presence. Allowing autonomous invocation is the platform default and not a separate concern here.
Assessment
This skill is instruction-only and delegates all access to Fatture in Cloud through the Membrane service and its CLI. Before installing or following the instructions: 1) Verify the @membranehq/cli package and author on the npm registry (or use npx to avoid a global install) because installing a global npm package runs third-party code. 2) Understand that you must create a Membrane account and complete browser-based auth; Membrane will store and refresh your Fatture in Cloud credentials server-side, so you should trust that service before proceeding. 3) Be cautious when using the 'membrane request' proxy — it can send arbitrary requests to the API, so only run calls you expect. 4) The skill itself contains no code and cannot be auto-installed by the platform; you will need to install/login to the CLI yourself. If you want stronger assurance, review the Membrane project's repository and npm package details before granting it access to your accounts.

Like a lobster shell, security has layers — review code before you run it.

latestvk9756xrm236kxc73ydrthj6mxx8497xw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments