Skill v1.0.5

ClawScan security

Calendarhero · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 3:08 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions align with its stated purpose (it is an instruction-only CalendarHero integration that relies on the Membrane CLI), and it does not request unrelated credentials or broad system access.
Guidance
This is an instruction-only CalendarHero integration that uses the Membrane CLI. Before installing: (1) verify you trust the Membrane package (@membranehq/cli) on npm and consider checking the referenced GitHub repo; (2) be aware npm -g installs require elevated permissions—run it in an environment you control or use a virtual environment/container if you prefer isolation; (3) the CLI will open a browser or provide a one-time auth code to link your account—do not share that code with untrusted parties; (4) the skill delegates auth to Membrane so it does not request your API keys, but granting a connection will allow Membrane to access your CalendarHero data—ensure you trust that service and review the connection details before proceeding.

Review Dimensions

Purpose & Capability: ok
The SKILL.md describes interacting with CalendarHero via Membrane and only asks the agent/operator to install and use the Membrane CLI. Required functionality (discovering actions, creating connections, running actions) is coherent with the CalendarHero integration description.
Instruction Scope: ok
Runtime instructions are limited to installing the Membrane CLI, running membrane commands (login, connect, action list/run), and polling for action build state. The document explicitly tells the agent not to ask users for API keys and does not instruct reading unrelated files, environment variables, or transmitting data to unexpected endpoints.
Install Mechanism: ok
There is no install spec embedded in the skill bundle (instruction-only). The SKILL.md recommends installing @membranehq/cli via npm (global). That is a reasonable, low-risk instruction for a CLI-based integration, though npm global installs require user consent and privilege on the host.
Credentials: ok
The skill declares no required environment variables, no primary credential, and no config paths. Authentication is delegated to Membrane's login/connection flow. No unrelated secrets or system credentials are requested.
Persistence & Privilege: ok
The skill is not always-enabled and does not request persistent or elevated platform privileges. It does not instruct modifying other skills or global agent settings.