Skill v1.0.3
ClawScan security
Demodesk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 1:32 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, requirements, and actions align with a Demodesk integration implemented via the Membrane CLI; nothing requested by the skill is disproportionate to that purpose.
- Guidance: This skill appears coherent and focused: it relies on the Membrane CLI to mediate access to Demodesk. Before installing/running the CLI, verify the @membranehq/cli npm package and the getmembrane.com / GitHub repository are legitimate (check the npm and GitHub pages, maintainer, and recent release history). Prefer using npx or an explicit pinned version instead of an unpinned global install if you want to limit supply-chain risk. Be aware that authentication will redirect to Membrane (you'll complete login in a browser and paste a code in headless environments), and that Membrane will hold the connection credentials — ensure you trust that service for handling your Demodesk tokens.
Review Dimensions
- Purpose & Capability (ok): Name and description claim a Demodesk integration and the SKILL.md consistently instructs the agent to use the Membrane CLI to connect to a Demodesk connector and run actions. Required capabilities (network access, Membrane account, Membrane CLI) are appropriate for the stated purpose.
- Instruction Scope (ok): Runtime instructions are limited to installing/using the Membrane CLI, authenticating via Membrane, listing/creating/running actions, and using connection IDs. The doc does not instruct the agent to read unrelated local files, access unrelated environment variables, or exfiltrate data to unexpected endpoints.
- Install Mechanism (note): There is no formal install spec in the manifest, but SKILL.md instructs installing the @membranehq/cli npm package (global install or npx). This is a common approach for CLI-driven integrations but carries the usual supply-chain considerations of installing global npm packages; the package is from the public npm ecosystem (not an arbitrary download URL).
- Credentials (ok): The skill requests no environment variables, keys, or config paths. It explicitly advises using Membrane to manage credentials rather than asking the user for API keys, which is proportionate to its design.
- Persistence & Privilege (ok): Skill is instruction-only, has no special persistence flags (always:false), and does not request modification of other skills or system-wide agent settings. Autonomous invocation is allowed but is the platform default and not problematic here.
