Back to skill
Skillv1.0.2
ClawScan security
Databricks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 2, 2026, 8:47 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions align with a Databricks connector that uses the Membrane CLI, but it asks you to install a third‑party CLI and to proxy Databricks API traffic through Membrane (potentially exposing data), and the skill metadata omits the CLI dependency — these mismatches warrant caution.
- Guidance
- This skill appears to be a Databricks connector implemented via the Membrane CLI — that is reasonable for the described purpose, but take these precautions before installing or using it: 1) Recognize that using the skill requires installing and trusting the @membranehq/cli npm package (verify the package repo, publisher, and checksum where possible). 2) Understand that API calls, request bodies, and your Databricks auth will be proxied through Membrane’s service — review Membrane’s privacy/security/terms and ensure this is acceptable for your data sensitivity and org policy. 3) The skill metadata did not declare the CLI dependency; treat the SKILL.md instructions as authoritative only after you’ve validated the tooling. 4) Consider testing in an isolated environment or with limited-permission Databricks credentials first. If you need, I can list specific checks to verify the npm package and Membrane service before you proceed.
Review Dimensions
- Purpose & Capability
- noteThe README describes a Databricks integration and the runtime instructions all use the Membrane CLI to manage Databricks resources — this is coherent with the stated purpose. However, the skill registry metadata lists no required binaries or install steps while the SKILL.md explicitly instructs installing `@membranehq/cli` (npm -g). That discrepancy (undeclared dependency) is a minor incoherence.
- Instruction Scope
- concernThe instructions tell the user to authenticate and then route Databricks API calls through Membrane's proxy; this is expected for a connector but means API requests and possibly sensitive payloads (queries, data, job specs) will transit Membrane's infrastructure. The skill does not request local secrets, but it does instruct sending arbitrary API paths and bodies to an external service (Membrane) — a legitimate design choice but a privacy/exfiltration risk the user must accept.
- Install Mechanism
- noteThere is no formal install spec in the registry (instruction-only), but SKILL.md instructs installing a global npm package (`npm install -g @membranehq/cli`). Installing a public npm CLI carries the usual supply-chain risks; verify the package identity/source and prefer vetted releases. The instruction to install tooling should have been reflected in the skill's declared requirements.
- Credentials
- noteThe skill declares no required environment variables or credentials (good), and uses browser-based Membrane login and server-side credential management. That is proportionate to a connector — but it centralizes credential handling to Membrane, which requires trusting their service to store/refresh the Databricks auth tokens.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request persistent system privileges or modify other skills' configurations. It is instruction-only and does not attempt to force installation or persistent presence on agents.