Skill v1.0.5
ClawScan security
Clickup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 9:14 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, purpose, and requested actions are internally consistent for a ClickUp integration that uses the Membrane CLI; nothing requires unexplained extra privileges or unrelated credentials.
- Guidance: This skill is coherent for a ClickUp integration that uses the Membrane CLI, but before installing or using it:
  1) verify the @membranehq/cli package and repository (https://github.com/membranedev/application-skills and https://getmembrane.com) are the official sources you expect;
  2) be aware installing a global npm package has supply-chain risk — prefer installing from a vetted source or pin a known-good version;
  3) confirm where the Membrane CLI stores tokens/credentials on disk and ensure that storage location and access controls meet your security requirements;
  4) because the CLI handles auth, avoid pasting secret keys into chat — follow the interactive login flow; and
  5) if you want to restrict autonomous behavior, remember the platform allows autonomous invocation by default, so only enable the skill for agents you trust.
Review Dimensions
- Purpose & Capability (note): The skill's name and description (ClickUp integration) match the SKILL.md instructions which use the Membrane CLI to connect to ClickUp and run actions. Minor inconsistency: registry metadata lists no required binaries, but the runtime instructions explicitly require installing the @membranehq/cli binary (npm global). This is explainable (instruction-only skill that expects the CLI to be present) but should have been declared in metadata.
- Instruction Scope (ok): SKILL.md only instructs the agent to use the Membrane CLI to authenticate, create/ensure a connection to ClickUp, list/search actions, and run those actions. It does not instruct reading arbitrary system files, exporting unrelated environment variables, or posting data to unexpected external endpoints. Authentication is interactive (browser or headless flow) and handled by Membrane per the docs.
- Install Mechanism (note): There is no install spec in the registry (instruction-only), but the instructions ask the user to run npm install -g @membranehq/cli@latest. Installing a global npm CLI is a reasonable way to get the required tooling, but it is a third-party package install with the usual supply-chain considerations — the skill does not automatically download or run arbitrary archives itself.
- Credentials (ok): The skill declares no required env vars or primary credential in registry metadata. The SKILL.md clarifies that a Membrane account and interactive login are required; tokens are managed by the Membrane CLI rather than being requested directly by the skill. This is proportionate for a connector that delegates auth to a CLI agent.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable. It has no install-time actions that persistently modify other skills or system-wide agent config. The only persistent effect would be the Membrane CLI storing authentication state/tokens as part of its normal operation.
