ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Directory

v1.0.0

Google Directory integration. Manage Users, Groups, Roles. Use when the user wants to interact with Google Directory data.

0· 39·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description match the runtime instructions: the skill uses the Membrane CLI to interact with Google Directory (users, groups, roles). Requiring network access and a Membrane account is expected for this purpose.
Instruction Scope
SKILL.md explicitly instructs running npx @membranehq/cli commands, performing browser-based login, and that credentials will be stored at ~/.membrane/credentials.json. It also documents a proxy request feature that lets you send arbitrary paths or full URLs through Membrane. These behaviors are within the claimed purpose but broaden the scope (local credential files, proxying arbitrary requests) and are not declared in the registry metadata.
!
Install Mechanism
There is no install spec in the registry, but SKILL.md relies on npx @membranehq/cli@latest at runtime. Using npx with the unpinned @latest tag executes remote npm package code dynamically each run (moderate risk). The skill does not pin to a specific version or provide a verified install artifact, increasing the attack surface.
Credentials
The skill declares no required env vars or primary credential, which aligns with delegating auth to Membrane. However, the instructions explicitly cause credentials to be created and stored at ~/.membrane/credentials.json — a local config path that the registry metadata did not list. This is proportionate to the functionality but should have been declared.
Persistence & Privilege
The skill is not forced-always, and it does not request elevated platform privileges. It will, however, result in credential material being written to ~/.membrane/credentials.json when the user completes login; that local persistence is normal for CLI-based auth but should be expected and disclosed.
What to consider before installing
This skill appears to do what it says (use Membrane to talk to Google Directory), but there are a few practical risks to weigh before installing or running it: - The instructions run npx @membranehq/cli@latest, which downloads and executes the latest code from npm each time. Consider pinning to a specific package version (not @latest) or reviewing the package source before use to reduce risk. - Logging in writes credentials to ~/.membrane/credentials.json. Expect local credential files and ensure you trust where those credentials are stored and who can read them on the host. - The skill proxies arbitrary requests through Membrane (you can pass full URLs). That is useful but means the CLI can be used to send arbitrary data through a third-party service — ensure you trust Membrane's privacy/security model and avoid sending sensitive data unless you understand where it goes. - The registry listing has no source or homepage; verify the Membrane CLI package and the skill owner before using in production environments. If you plan to use this skill: verify the @membranehq/cli npm package (source repository, maintainers), prefer a pinned version, and consider testing in an isolated environment first. If you need higher assurance, ask the skill author for a homepage/source link and for the registry metadata to declare the ~/.membrane/credentials.json path explicitly.

Like a lobster shell, security has layers — review code before you run it.

latestvk9739jbp5e2kmx30rx025g6das84beqd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments