Skill v1.0.3

ClawScan security

Baserow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 2, 2026, 8:55 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally coherent: it delegates Baserow access to the Membrane CLI, requests no unrelated credentials, and its instructions match the described purpose — but it requires installing and trusting the @membranehq/cli and will proxy requests through Membrane, so review trust/privacy before use.
Guidance
This skill appears to do what it says: it uses the Membrane CLI to access Baserow and asks you to install @membranehq/cli and sign in with a Membrane account. Before installing or using it:
1) confirm the @membranehq/cli package and the Membrane service (getmembrane.com / the GitHub repo) are the official/trusted sources;
2) understand that requests and data will be proxied through Membrane's servers (check their privacy/security docs and permissions for the connector);
3) prefer installing the CLI in a contained environment (container or VM) if you are wary of global npm installs, and run `npm audit` and inspect the package source;
4) if you need to avoid third-party transit of sensitive data, do not use the proxy path; instead use a direct, vetted integration that you control.

Review Dimensions

Purpose & Capability
ok: Name/description and runtime instructions align: the skill is a Baserow integration that uses the Membrane CLI to manage workspaces, users, roles, and raw API proxying. There are no unexpected environment variables, binaries, or config paths requested.
Instruction Scope
note: SKILL.md keeps instructions within the integration scope (install CLI, login, create/inspect connections, run actions, or proxy to Baserow). It does instruct the agent/user to open a browser for authentication or complete a headless login flow. Important privacy note: proxying with `membrane request` sends requests via Membrane and therefore transmits request/response data to Membrane's service — this is expected but worth reviewing.
Install Mechanism
note: No formal install spec in registry (instruction-only). The doc asks users to run `npm install -g @membranehq/cli`, a public npm global install. This is a standard but moderately privileged install (global npm packages can run install scripts). Verify the package identity and trustworthiness before installing and consider installing in an isolated environment if concerned.
Credentials
ok: The skill declares no required env vars or credentials and explicitly advises against asking users for API keys (use Membrane connections instead). It does require a Membrane account and network access, which are proportional to the described functionality.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent system-level privileges. It does not modify other skills or system-wide agent settings and relies on user-invoked CLI commands; autonomous invocation is allowed by platform default but is not accompanied by other red flags.