Skill v1.0.3

ClawScan security

Ansible · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 9:09 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only Ansible integration that uses the Membrane CLI and a Membrane account to connect to Ansible, and it does not request unrelated credentials or unusual system access.
Guidance
This skill is coherent with its Ansible-integration purpose, but it depends on the third-party Membrane service and its CLI. Before installing or using it: (1) verify you trust Membrane (review their privacy/security docs and the @membranehq/cli package source/repo), because Membrane will mediate access to your Ansible data; (2) note the npm global install recommendation: installing CLIs globally has system-wide effects, so consider using a controlled environment (container or virtualenv) if you’re cautious; (3) be prepared to authenticate via a browser or share an authorization code for headless flows; and (4) if you need stronger assurance, review the Membrane CLI code or run CLI commands manually to confirm what data is transmitted.

Review Dimensions

Purpose & Capability
ok: The name/description (Ansible integration) matches the instructions (use Membrane CLI to create a connector, list/run/create Ansible actions). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok: SKILL.md confines runtime actions to installing/using the Membrane CLI, performing Membrane login, creating/listing connections and actions, and running those actions. It does not instruct the agent to read local files, environment variables, or send data to unexpected endpoints beyond Membrane.
Install Mechanism
note: The docs instruct users to install @membranehq/cli globally via npm (npm install -g @membranehq/cli@latest). This is a normal install from the public npm registry, but it has the usual risks of installing third-party CLI tools globally; there is no embedded arbitrary download URL or archive extraction in the skill itself.
Credentials
ok: The skill requests no environment variables or local credentials. It explicitly delegates auth to Membrane (browser-based or headless auth flow) rather than asking for API keys locally, which is proportionate to its purpose.
Persistence & Privilege
ok: The skill is instruction-only, has no install-time footprint in the registry metadata, and does not request always:true or other elevated persistence. Model invocation is allowed (default), which is normal for skills and not by itself a concern.