ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Simplescraper

v1.0.0

Simplescraper integration. Manage data, records, and automate workflows. Use when the user wants to interact with Simplescraper data.

0· 46·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Simplescraper integration) match the instructions: the SKILL.md tells the agent to use the Membrane CLI to create a connection and run Simplescraper-related actions. No unrelated credentials or tools are requested.
Instruction Scope
Runtime instructions are narrowly scoped to installing/using the Membrane CLI, creating a connection, listing actions, running actions, and proxying requests. The instructions do not ask the agent to read unrelated files, environment variables, or send data to unexpected endpoints. They do require network access and a Membrane account (documented).
Install Mechanism
There is no formal install spec in the skill bundle, but SKILL.md recommends installing @membranehq/cli via `npm install -g` (and offers npx usage). Installing a global npm package will write code to disk and run CLI code from the npm registry — a common but non-trivial action. This is moderate risk only insofar as you must trust the package and publisher; prefer using npx or inspecting the package before global install.
Credentials
The skill requires no environment variables or local secrets. The SKILL.md explicitly instructs to let Membrane handle credentials and not to ask users for API keys, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is instruction-only, has always=false, and does not request persistent privileges or modify other skills/system-wide settings. It does not attempt to enable itself or store credentials locally.
Assessment
This skill appears coherent and limited to orchestrating the Membrane CLI to access Simplescraper. Before installing/using it: (1) confirm you trust the @membranehq npm package and the Membrane service (review the package on npm and the GitHub repo linked in SKILL.md); (2) prefer using `npx @membranehq/cli@latest` for one-off runs instead of a global `npm install -g`; (3) be aware the workflow uses browser-based auth and proxies requests through Membrane — you must trust Membrane to handle your Simplescraper credentials; (4) avoid installing CLIs globally on sensitive/production hosts until you’ve reviewed the package source; (5) if you need stronger assurance, review the Membrane CLI source code and the repository referenced in SKILL.md before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk973wndm2gsmdm8zxfvmrmf98s84fw9k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments