Skill v1.0.3
ClawScan security
Clickhouse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 1:20 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are coherent with a ClickHouse integration that delegates auth and connection management to the Membrane platform; nothing requested is disproportionate to that purpose.
- Guidance: This skill appears coherent, but before installing or using it: 1) verify you trust the Membrane service and @membranehq/cli package (npm installs run remote code); 2) when you create a ClickHouse connection, check which permissions the connector requests and give least privilege; 3) avoid pasting unrelated secrets into the CLI; 4) consider running the CLI in an isolated environment if you have high security requirements; and 5) if the skill's SKILL.md ever includes commands that read local files, environment variables, or post data to non-Membrane endpoints, treat that as suspicious and stop.
Review Dimensions
- Purpose & Capability: ok. The name/description (ClickHouse integration) align with the instructions (use Membrane CLI to create a ClickHouse connection and run actions). No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope: ok. SKILL.md only instructs installing/using the Membrane CLI, logging in, creating/listing connections, and running/searching/creating actions. It does not ask the agent to read unrelated files, environment variables, or transmit data to unexpected endpoints beyond Membrane.
- Install Mechanism: note. There is no automatic install spec in the bundle, but the docs instruct users to run `npm install -g @membranehq/cli@latest` or use `npx`. Installing or invoking remote npm packages executes code from the npm registry, a normal approach but one that carries the usual supply-chain/runtime risks.
- Credentials: ok. The skill declares no required env vars or credentials and explicitly instructs not to ask users for API keys, instead relying on Membrane-managed connections. Network access and a Membrane account are reasonable and proportional.
- Persistence & Privilege: ok. The skill does not request persistent 'always' inclusion or elevated platform privileges. It is instruction-only and does not attempt to modify other skills or system-wide settings.
