Skill v1.0.3
ClawScan security
Cubicl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 1:18 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper that directs the agent to use the Membrane CLI to interact with Cubicl; its requirements and commands are consistent with that purpose.
- Guidance: This skill is instruction-only and appears coherent, but take these precautions before installing or following the commands:
  1. Verify the Membrane CLI package (@membranehq/cli) on the npm registry and the linked GitHub/homepage to ensure you trust the publisher.
  2. Prefer using npx for one-off use instead of a global npm -g install if you want to avoid adding system-wide binaries.
  3. The workflow requires a Membrane account and interactive/headless login; do not share API keys directly (the SKILL.md advises against it).
  4. Review any actions you create or run (they execute on Membrane/Cubicl) to ensure they won't expose sensitive data.
  5. If you operate in an automated or constrained environment, confirm that opening the authorization URL and completing the login is acceptable.

  Overall the skill's instructions align with its purpose, but you should still validate the CLI source and the Membrane account/tenant before proceeding.
Review Dimensions
- Purpose & Capability (ok): Name/description match the instructions: the SKILL.md tells the agent to use the Membrane CLI to connect to a Cubicl connector and run actions. No unrelated credentials, binaries, or system paths are requested.
- Instruction Scope (ok): Runtime instructions are limited to installing/using the Membrane CLI, authenticating via membrane login, creating/listing/running actions, and using connection IDs. The skill does not instruct the agent to read unrelated files, access unrelated environment variables, or exfiltrate data to unexpected endpoints.
- Install Mechanism (note): There is no formal install spec in the registry; the SKILL.md recommends installing @membranehq/cli from npm (or using npx). Installing a public npm CLI is a standard pattern but does require trusting the upstream package and its maintainer.
- Credentials (ok): The skill declares no required environment variables and explicitly delegates auth to Membrane (telling users not to share API keys). The auth flow requires a Membrane account and interactive or headless login, which is proportional to the described functionality.
- Persistence & Privilege (ok): The skill is not always-on, does not request persistent system-wide changes, and is user-invocable. It does not ask to modify other skills' configs or request elevated platform privileges.
