Skill v1.0.3

ClawScan security

Beanstalk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 21, 2026, 5:06 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to be a Membrane-based Beanstalk connector and its runtime instructions are reasonable, but there are internal inconsistencies (mixed descriptions of what "Beanstalk" is) and it asks users to install a global npm CLI — both warrant caution before installing or granting access.
Guidance
Before installing or using this skill:
1. Confirm which "Beanstalk" product this targets (Git hosting vs. CRM), because the documentation is inconsistent.
2. Review the Membrane CLI package (@membranehq/cli) on npm/GitHub to ensure it is reputable before running a global install, and install the specific version you reviewed rather than `@latest`, which is resolved at install time.
3. Be aware that the login flow issues tokens via Membrane; only connect accounts with the minimum privileges needed, and inspect the available actions (list-actions) before running create/delete actions.
4. Prefer testing with a low-privilege or sandbox account first.
5. If you need higher assurance, ask the skill author for a clear mapping of actions to API scopes and for provenance (source repo or publisher identity).

Review Dimensions

Purpose & Capability
concern: The top-level metadata/description and the SKILL.md disagree about what "Beanstalk" is: the skill header claims CRM-like objects (Persons, Organizations, Deals, Leads) while the SKILL.md describes Beanstalk as a Git-based source control/deployment tool. This mismatch could be sloppy documentation or a mis-targeted skill; either way it reduces confidence that requested actions align with the stated purpose.
Instruction Scope
note: SKILL.md is instruction-only and instructs use of the Membrane CLI for auth, connection creation, listing and running actions. The steps are scoped to the Membrane->Beanstalk integration (login, connect, action list/run). It does not instruct reading local files, scanning system state, or exfiltrating unrelated data, but it does rely on interactive browser authentication, which leaves Membrane-issued tokens/credentials stored in the user's environment by the CLI.
Install Mechanism
note: There is no install spec in the skill bundle, but SKILL.md tells users to run `npm install -g @membranehq/cli@latest`. A global npm install executes third-party code on the machine (including any install-time lifecycle scripts in the package) and places the package's commands on PATH; that is expected for a CLI but a moderate risk, and `@latest` is resolved at install time, so the version installed may differ from the one reviewed. Because the skill bundle itself will not auto-install anything, the risk is limited to what the user runs locally.
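The following Python is an added example for this page, not ClawHub's scanner code and not Membrane's or the skill's code. It applies the pre-install checks behind guidance point (2) and this dimension to an npm package manifest: install-time lifecycle scripts, missing repository or maintainer metadata, the commands a global install would put on PATH, and a pinned install command in place of `@latest`. The manifest is constructed by hand in the shape of `npm view <pkg> --json` output; it is a stand-in named `@example/cli` and says nothing about the real @membranehq/cli.

```python
"""Pre-install vetting of an npm package manifest.

Added example for this review page; not code from ClawHub, Membrane or the skill.
SAMPLE_MANIFEST is constructed by hand in the shape of `npm view <pkg> --json`
output. It is a stand-in and makes no claim about the real @membranehq/cli.
"""
import json

# Lifecycle scripts that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed sample manifest (not a real package).
SAMPLE_MANIFEST = json.loads("""
{
  "name": "@example/cli",
  "version": "1.4.2",
  "bin": {"example-cli": "bin/run.js"},
  "scripts": {"build": "tsc", "postinstall": "node scripts/setup.js"},
  "repository": {"type": "git", "url": "git+https://github.com/example/cli.git"},
  "maintainers": [{"name": "example-bot", "email": "bot@example.invalid"}],
  "dependencies": {"commander": "^12.0.0", "open": "^10.0.0"}
}
""")


def install_hooks(manifest: dict) -> list:
    """Names of lifecycle scripts that would run on the installing machine."""
    scripts = manifest.get("scripts") or {}
    return [hook for hook in INSTALL_HOOKS if hook in scripts]


def cli_commands(manifest: dict) -> dict:
    """Commands a global install (`npm install -g`) would place on PATH."""
    bins = manifest.get("bin") or {}
    if isinstance(bins, str):
        # Shorthand form: a single command named after the unscoped package name.
        return {manifest.get("name", "").split("/")[-1]: bins}
    return dict(bins)


def vet_manifest(manifest: dict) -> list:
    """Cheap pre-install risk signals.

    An empty list means no signal fired, not that the package is safe;
    unpack the tarball and read it before trusting it.
    """
    findings = []
    hooks = install_hooks(manifest)
    if hooks:
        # These run arbitrary code before the user ever invokes the CLI.
        findings.append("install-time scripts present: " + ", ".join(hooks))
    repo = manifest.get("repository")
    repo_url = repo.get("url") if isinstance(repo, dict) else repo
    if not repo_url:
        findings.append("no repository URL: source provenance cannot be checked")
    if not manifest.get("maintainers"):
        findings.append("no maintainers listed")
    deps = manifest.get("dependencies") or {}
    if len(deps) > 50:
        findings.append(f"large dependency tree ({len(deps)} direct deps)")
    return findings


def pinned_install_command(manifest: dict) -> str:
    """Install command pinned to the reviewed version instead of `@latest`.

    --ignore-scripts is a real npm flag: it skips lifecycle hooks, which a
    plain CLI should not need and which are the main install-time risk.
    """
    return f"npm install -g --ignore-scripts {manifest['name']}@{manifest['version']}"


if __name__ == "__main__":
    for line in vet_manifest(SAMPLE_MANIFEST):
        print("finding:", line)
    for cmd, path in cli_commands(SAMPLE_MANIFEST).items():
        print(f"adds command on PATH: {cmd} -> {path}")
    print(pinned_install_command(SAMPLE_MANIFEST))
```

To run this against a real package, feed it the output of `npm view <pkg> --json`. The pinned command with `--ignore-scripts` is the right default for a CLI that needs no native build step; if the package turns out to depend on an install hook, that is itself worth knowing before it runs.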
Credentials
ok: The skill declares no required environment variables or config paths. It relies on Membrane-managed authentication (interactive login). Requesting a Membrane account and network access is proportional for an integration connector.
Persistence & Privilege
ok: The skill is not forced-always and does not request persistent system-wide changes. It is user-invocable and allows autonomous invocation by default (normal for skills). No evidence the skill modifies other skills or system settings.