Skill v1.0.2
ClawScan security
Clio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 2, 2026, 8:44 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill consistently describes a Clio integration via the Membrane CLI, but it omits required install/binary metadata and routes Clio data through Membrane (a third-party service) — review the npm package and trust model before installing.
- Guidance: This skill uses the Membrane CLI to connect your Clio account and proxy requests through Membrane. Before installing or using it: (1) confirm you have Node/npm and are willing to run a global npm install; (2) verify the npm package `@membranehq/cli` is the official one (check the npm page, publisher, and package checksum); (3) understand that Clio data and OAuth tokens will be routed to/stored by Membrane — review their privacy/security docs and retention policy and the OAuth scopes requested during connection; (4) avoid running installs or auth flows in highly sensitive environments until you’ve validated the provider; and (5) note the registry metadata didn’t declare required binaries or an install spec — treat the SKILL.md instructions as the authoritative source and proceed cautiously.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (Clio integration) matches the instructions: it uses Membrane to manage Clio Matters, Contacts, Tasks, etc. However, the registry metadata lists no required binaries or install steps even though the SKILL.md instructs installing the `@membranehq/cli` npm package and using the `membrane` executable (so Node/npm and a global install are effectively required).
- Instruction Scope (concern): The runtime instructions direct the agent/operator to install and run the Membrane CLI, create connections via browser OAuth, run pre-built actions, and — importantly — proxy arbitrary requests through Membrane to the Clio API. Proxying allows arbitrary API calls and sends Clio data through Membrane's servers; this is in-scope for a Clio integration but increases data-exposure risk and should be explicitly called out to users.
- Install Mechanism (concern): There is no install spec in the registry (instruction-only), yet SKILL.md tells users to run `npm install -g @membranehq/cli`. Asking users to install a global npm package is moderate risk: it requires Node/npm and elevated filesystem access, and it pulls code from the npm registry even though that install step isn't reflected in the registry metadata.
- Credentials (note): The skill declares no env vars or secrets (which is appropriate because Membrane handles auth), but that also means you must trust Membrane to store and refresh Clio credentials and to proxy API calls. The skill explicitly tells you not to provide raw API keys, which is coherent, but it does not describe what Membrane stores or how long credentials/connection data are retained.
- Persistence & Privilege (note): The skill itself does not request `always:true` or modify other skills. Installing the Membrane CLI (per instructions) creates a persistent binary on the system if the user proceeds — that is expected but is not declared in the registry. Also note that creating a Membrane connection establishes persistent credentials on Membrane's service.
