Skill v1.0.3

ClawScan security

Aws S3 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 21, 2026, 12:04 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is internally consistent: it delegates AWS S3 access to the Membrane CLI/service, asks for no unrelated credentials, and its runtime instructions match the described purpose.
Guidance
This skill delegates S3 access to the Membrane service and asks you to install the Membrane CLI and authenticate via a browser flow. Before installing, verify you trust the Membrane vendor and the @membranehq/cli npm package (check the package page, maintainers, and versions). Installing a global npm CLI runs third-party code — prefer installing in a controlled environment or using a non-global/local install if you need extra isolation. Confirm the Membrane connection uses least-privilege AWS credentials and monitor any AWS activity tied to the connection. Finally, remember that the agent can call this skill autonomously (normal behavior), so only enable it if you trust the skill and account used for the connection.

Review Dimensions

Purpose & Capability
ok
Name/description (AWS S3 integration) align with the instructions: the SKILL.md instructs the agent to use the Membrane CLI to create a connector to aws-s3 and run actions. The claimed requirements (network and a Membrane account) match the workflow.
Instruction Scope
ok
Runtime instructions are scoped to installing the Membrane CLI, logging in via browser/headless flow, creating a connection, discovering and running actions, and polling for build state. The instructions do not ask the agent to read arbitrary local files, request unrelated environment variables, or exfiltrate data to third-party endpoints beyond Membrane/AWS.
Install Mechanism
note
No install spec in the skill bundle; SKILL.md recommends installing @membranehq/cli globally via npm (npm install -g @membranehq/cli@latest). Installing a global npm package is a reasonable way to get a CLI but carries the moderate risk inherent to running third-party npm packages — verify package provenance and consider using a constrained environment or non-global install if concerned.
Credentials
ok
The skill declares no required environment variables, no credentials, and relies on Membrane to handle auth. That is proportionate to the stated purpose; there are no requests for unrelated secrets or system config paths.
Persistence & Privilege
ok
always is false and the skill does not request system-wide configuration changes. The skill instructs use of the Membrane CLI which will create a local auth/session as part of normal CLI login; there is no evidence it modifies other skills or global agent settings.