Skill v1.0.2
ClawScan security
Cardinal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 8:57 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are coherent with a Cardinal integration that uses the Membrane CLI; there are no disproportionate credential requests or unexpected behaviors.
- Guidance: This skill is largely coherent: it uses the Membrane CLI to proxy requests to Cardinal and does not ask for local secrets. Before installing, verify you trust the Membrane project (@membranehq on npm and the homepage/repository), and be aware the SKILL.md expects you to run `npm install -g @membranehq/cli` (so you need npm/node). Installing a global npm CLI will place files on your system — if you cannot or do not want to install it, avoid running the commands. Also confirm that any connector IDs or proxy paths you use point to the expected Cardinal tenant and avoid running arbitrary proxy paths unless you trust the target service.
Review Dimensions
- Purpose & Capability (ok): The skill claims to integrate with Cardinal and all runtime instructions use the Membrane CLI and Membrane proxy to talk to Cardinal — this matches the stated purpose. Minor metadata omission: the registry metadata lists no required binaries, but SKILL.md instructs installing the Membrane CLI via npm (so node/npm are implicitly required).
- Instruction Scope (ok): SKILL.md confines actions to Membrane CLI commands (login, connect, action run, request proxy). It uses browser-based auth and Membrane-managed credentials. There are no instructions to read unrelated local files, environment variables, or send data to third-party endpoints outside Membrane/Cardinal.
- Install Mechanism (note): There is no registry install spec (instruction-only), but the doc tells users to run `npm install -g @membranehq/cli`. Installing via npm is a common public registry flow (moderate risk); there are no direct download URLs or extract-from-unknown-host steps. The skill does not declare the implicit dependency on npm/node in its metadata.
- Credentials (ok): The skill declares no required environment variables or credentials and instructs users to use Membrane-managed connections rather than local API keys. That is proportionate to the integration's purpose.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable. There is no indication it attempts to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (not a problem by itself).
