Skill v1.0.3
ClawScan security
Aqilla · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 7:10 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it is an instruction-only Aqilla integration that tells the agent/user to use the Membrane CLI to authenticate and call Aqilla actions, and it does not request unrelated credentials or hidden capabilities.
- Guidance: This skill is coherent for integrating Aqilla via Membrane, but before installing or running it:
  1) Review the @membranehq/cli package source and prefer a pinned version rather than blindly installing @latest; consider using npx to avoid a global install.
  2) Be prepared to authenticate and grant Membrane access to Aqilla data—verify the permissions/scope during connection.
  3) If you have strict environment controls, install the CLI in an isolated environment (container/VM) or audit the package code.
  4) Understand that the skill delegates auth to Membrane (which will store tokens/connection metadata), so treat the Membrane account and any connection IDs as sensitive.
  If you want stronger assurance, ask the publisher for an install spec or link to the exact CLI release used.
Review Dimensions
- Purpose & Capability (ok): The skill's name and description (Aqilla integration) match the instructions: it exclusively describes using the Membrane CLI to connect to Aqilla, search for actions, create and run actions. There are no unrelated required env vars, binaries, or config paths.
- Instruction Scope (ok): SKILL.md instructs installing and using the Membrane CLI, performing login/connect/action-list/run flows, and interacting with Aqilla via Membrane. It does not direct the agent to read arbitrary system files, harvest unrelated environment variables, or exfiltrate data to unexpected endpoints.
- Install Mechanism (note): The skill has no packaged install spec (instruction-only) but directs users to install @membranehq/cli globally via npm (or use npx in examples). Installing a third-party global npm CLI is a reasonable, expected mechanism for this integration, but it does introduce a supply-chain risk that the user should review (package source, version pinning).
- Credentials (ok): The skill declares no required env vars or credentials. Authentication is delegated to the Membrane login flow (interactive or headless). The requested access is proportional to the purpose (connecting and operating on Aqilla data).
- Persistence & Privilege (ok): The skill does not request always:true, does not claim persistent modification of other skills or agent settings, and is user-invocable. Autonomous invocation is allowed by default but is not combined here with elevated privileges or broad credential access.
