Skill v1.0.2

ClawScan security

Botpress · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 2, 2026, 9:03 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (Botpress via Membrane) is plausible, but the package manifest omits important runtime requirements and install details and relies on installing/running a third-party CLI that will hold and proxy credentials — these mismatches merit caution.
Guidance
This skill appears to be an instruction-only integration that uses the Membrane CLI to talk to Botpress. Before installing or using it:
1) Verify you trust Membrane/@membranehq: the CLI will handle and store authentication and will proxy API requests on your behalf.
2) Confirm the npm package @membranehq/cli is the official, expected package (inspect its npm page and GitHub repo and check maintainers/release history).
3) Be aware the SKILL.md expects node and npm and tells you to run a global npm install, but the manifest does not declare these requirements; installing global CLIs has supply-chain and permission implications.
4) If you operate in headless or restricted environments, note the login flow opens a browser or requires copying codes.
5) If you need stronger assurance, ask the skill author for an explicit install spec, declared required binaries, and a link to the exact CLI repo/release used so you can audit it.

Review Dimensions

Purpose & Capability
Rating: note
The SKILL.md clearly describes a Botpress integration implemented via the Membrane CLI, which fits the stated purpose. However, the manifest lists no required binaries or credentials while the instructions require installing and running the @membranehq/cli (and therefore npm/node), so the declared requirements do not match what the skill actually needs.
Instruction Scope
Rating: ok
Instructions are explicit and scoped to interacting with Membrane and Botpress (login, create connections, list/run actions, proxy requests). They do not instruct reading unrelated local files or exfiltrating environment variables. They do instruct installing and running a CLI and using browser-based auth flows, which has side effects (credential storage) that the user should be aware of.
Install Mechanism
Rating: concern
There is no install spec in the manifest, but SKILL.md instructs a global npm install of @membranehq/cli. The skill should have declared required binaries and an install spec. Installing a global npm CLI has supply-chain risk and requires node/npm present; the manifest does not mention these or provide trusted release/source details.
Credentials
Rating: ok
The manifest requests no environment variables or credentials. The SKILL.md explicitly delegates credential handling to Membrane and advises against asking the user for API keys. This is proportionate to the stated purpose, but it does centralize trust in Membrane's service; the user should verify Membrane's trustworthiness.
Persistence & Privilege
Rating: ok
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does rely on a third-party CLI that will persist auth state (Membrane login), but that is an expected behavior for a CLI-based integration and not a manifest-declared privilege.