Skill v1.0.3

ClawScan security

Basin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 21, 2026, 5:06 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only adapter that uses the Membrane CLI to interact with Basin, and its requested operations and dependencies are coherent with that purpose.
Guidance
This skill is coherent: it tells you to install and use the official Membrane CLI to manage Basin resources. Before installing, verify the CLI package and vendor (https://getmembrane.com and the @membranehq npm owner) and prefer installing in a controlled environment (container or VM) if you want to limit exposure from npm packages. Be aware the login flow will open a browser or provide a code — you will be granting Membrane access to manage connections on your behalf, so review Membrane's privacy/security docs and the permissions granted to the Basin connector. If you need stricter controls, avoid global npm installs and run the CLI in an isolated environment or inspect the package source before use.

Review Dimensions

Purpose & Capability
ok: The name/description (Basin integration) matches the instructions: the skill instructs using the Membrane CLI to connect to Basin, discover actions, create actions, and run them. Nothing requested or described is unrelated to a form-backend integration.
Instruction Scope
ok: SKILL.md only instructs installing and using the Membrane CLI, performing login flows, creating connections, listing and running actions; it does not ask the agent to read arbitrary local files, exfiltrate unrelated data, or use unrelated credentials. Headless login requires the user to copy a code (explicit and limited).
Install Mechanism
note: The install instruction is a global npm install (@membranehq/cli@latest). This is a commonly used mechanism for CLIs but carries the usual npm-global risks (supply-chain, arbitrary code execution on install). No obscure or external download URLs are used.
Credentials
ok: The skill declares no required environment variables, no credentials, and its documentation explicitly advises letting Membrane handle credentials instead of asking users for API keys. There are no disproportionate secret requests.
Persistence & Privilege
ok: always is false and the skill does not request system-wide configuration changes or persistent privileges. It is instruction-only and does not modify other skills or agent settings.