ClawHub
Back to skill
v1.0.4

Aerisweather

ReviewClawScan verdict for this skill. Analyzed Apr 30, 2026, 4:18 PM.

Analysis

This looks like a plausible AerisWeather integration, but it asks the agent/user to install and run an unpinned global Membrane CLI outside the declared install metadata.

GuidanceBefore installing, confirm you trust Membrane's CLI package, prefer a pinned version instead of @latest, avoid global installation if possible, and review any Membrane/AerisWeather connection permissions before granting persistent access.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill allows instructions returned by the Membrane connection flow to guide the agent. That can be useful for setup, but these external instructions should not override the user's goal or higher-priority instructions.

User impactA service response may influence what the agent does next during connection setup.
RecommendationTreat returned agent instructions as operational hints only, and confirm they match the user's request before following them.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`membrane action list --connectionId=CONNECTION_ID --intent "QUERY" --limit 10 --json` ... `membrane action run <actionId> --connectionId=CONNECTION_ID --json`

The skill uses dynamic action discovery and execution through a CLI. This is aligned with an integration skill, but action execution is broad and the instructions do not explicitly require user confirmation before running discovered actions.

User impactThe agent may run Membrane actions selected from a live connection, which could do more than a simple weather lookup if the connection exposes broader actions.
RecommendationReview the action name, input, and connection before allowing the agent to run it, especially for any action that changes data or settings.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
npm install -g @membranehq/cli@latest

The skill instructs users to install a global npm package at @latest. This is unpinned and not represented in the provided install spec, creating a supply-chain and provenance gap.

User impactInstalling the skill may execute a newer or different CLI package than the reviewer or user expected, and it modifies the global environment.
RecommendationPrefer a pinned CLI version, document it in the install spec, and avoid global installation unless clearly necessary.
Unexpected Code Execution
SeverityMediumConfidenceHighStatusConcern
SKILL.md
npx @membranehq/cli connection get <id> --wait --json

The runtime instructions invoke an npm-hosted CLI through npx, which can execute external package code as part of normal use. This code execution path is not captured by the skill's no-install-spec metadata.

User impactUsing the skill may run external CLI code on the user's machine even though the registry presents it as instruction-only.
RecommendationOnly run the CLI from a trusted, pinned installation and ensure users approve local command execution.
Cascading Failures
SeverityLowConfidenceHighStatusNote
SKILL.md
If no app is found, one is created and a connector is built automatically.

A mistaken URL/domain or setup flow can create a persistent Membrane app/connector. This is part of the intended workflow, but it means setup mistakes may persist beyond the immediate task.

User impactA wrong connection choice could leave behind an unintended connector or account connection in Membrane.
RecommendationVerify the domain and connection before creating it, and clean up unused Membrane connections or connectors.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
Membrane handles authentication and credentials refresh automatically — so you can focus on the integration logic rather than auth plumbing.

The skill uses delegated authentication and automatic credential refresh. This is disclosed and relevant to the AerisWeather integration, but it means persistent account access may be granted through Membrane.

User impactConnecting the skill may give Membrane ongoing access to the relevant AerisWeather account or API credentials.
RecommendationUse the minimum account permissions available and know how to revoke the Membrane/AerisWeather connection when no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill may place service-provided instructions into the agent's working context. This is useful for setup, but retrieved instructions can be over-trusted if not treated as untrusted operational data.

User impactA connection response could steer the agent's next steps if the agent treats it as authoritative.
RecommendationDo not let returned setup instructions override user intent, security rules, or credential-handling boundaries.