Skill v1.0.2
ClawScan security
Chargebee · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 8:41 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only integration that tells the agent to use the Membrane CLI to manage Chargebee resources; its requirements and runtime instructions are consistent with that purpose.
- Guidance: This skill is instruction-only and delegates all auth and API access to the Membrane CLI. Before installing or using it: (1) verify the @membranehq/cli package/source on npm/GitHub to ensure you trust the vendor; (2) consider installing the CLI in a user scope (not globally) or in an isolated environment if you're cautious about global npm installs; (3) be aware that Membrane will hold Chargebee credentials when you create a connection — confirm you trust Membrane's account and storage practices and review what permissions that connection grants to Chargebee data; (4) avoid copying Chargebee API keys into chat or other untrusted places — follow the skill's recommendation to use Membrane connections; (5) if you need stricter controls, test this workflow in a sandbox Chargebee account first. Overall the skill's instructions are coherent for its stated purpose.
Review Dimensions
- Purpose & Capability (ok): The name/description (Chargebee integration) matches the SKILL.md: all instructions focus on using the Membrane CLI to create connections and run actions against Chargebee. There are no unrelated credential or binary requests.
- Instruction Scope (ok): The SKILL.md only instructs installing/using the Membrane CLI, creating a connection, listing actions, running actions, and proxying requests to Chargebee via Membrane. It does not ask the agent to read unrelated files, environment variables, or to exfiltrate data to unexpected endpoints.
- Install Mechanism (note): No install spec in the skill package itself; instructions tell the user to install @membranehq/cli via npm (-g). Installing a global npm package is a normal step for a CLI but has the usual supply-chain/runtime risks — this is expected for this integration but users should verify the package source and trustworthiness.
- Credentials (ok): The skill declares no required env vars or config paths. Runtime instructions rely on Membrane to handle credentials rather than asking for API keys, which is proportional to the stated purpose.
- Persistence & Privilege (ok): Skill is not always-enabled and is user-invocable. It does not request persistent system-wide privileges or claim to modify other skills. Autonomous invocation is allowed by default but not combined with other red flags here.
