Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pingdom

v1.0.2

Pingdom integration. Manage Checks, AlertPolicies, Reports, Integrations, Users. Use when the user wants to interact with Pingdom data.

by Membrane Dev (@membranedev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description (Pingdom integration) match the SKILL.md instructions, which describe using the Membrane CLI/proxy to manage Pingdom Checks, Reports, Users, etc. Asking the user to create a Membrane connection is expected for this purpose.
Instruction Scope
Instructions are limited to installing/using the Membrane CLI, logging in, creating connections, listing actions, running actions, and proxying requests to the Pingdom API, all within the stated goal. Minor mismatch: the skill metadata lists no required binaries/env, but the instructions implicitly require npm (or npx), network access, and a browser for auth; these requirements are not declared in the registry metadata.
Install Mechanism
This is instruction-only (no packaged install spec). The SKILL.md recommends installing @membranehq/cli via npm -g and uses npx to run latest commands. Installing from the public npm registry is common but carries the usual moderate risk of running third-party code; no archive downloads or obscure URLs are used.
Credentials
The skill requests no local environment variables or secrets and explicitly advises not to ask users for API keys. It does require a Membrane account/connection (server-side credentials managed by Membrane), which is proportionate to delegating auth to that service — users must trust Membrane to store/handle credentials.
Persistence & Privilege
always is false and there is no install-time modification of other skills or system-wide configs described. The skill being invocable/autonomous by default is normal and not by itself a concern.
Assessment
This skill delegates Pingdom integration to the Membrane service and requires you to install the @membranehq/cli (npm) and to sign in to a Membrane account. Before installing or running: (1) confirm you are comfortable trusting Membrane to manage your Pingdom credentials and tokens; (2) be aware npm -g will install code globally — you may prefer to inspect the package or install locally; (3) npx will fetch remote code when used with @membranehq/cli@latest; (4) verify the Membrane project (getmembrane.com and the GitHub repo) are legitimate for your organization; (5) the skill does not request local secrets or access unrelated files. If any of those trust or policy concerns are unacceptable, do not install or use the CLI and instead integrate with Pingdom by other means.

Like a lobster shell, security has layers — review code before you run it.
