Skill v1.0.2

ClawScan security

Flyio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 2, 2026, 8:51 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, requirements, and suggested tooling align with its stated purpose of integrating with Fly.io via the Membrane CLI; nothing requested looks disproportionate or unrelated.
Guidance
This skill appears coherent: it uses the Membrane CLI to talk to Fly.io and does not ask for unrelated credentials. Before installing or running commands:
1) Confirm you trust Membrane (https://getmembrane.com) because the CLI and proxy will handle your Fly.io auth and could forward arbitrary API calls.
2) Verify the npm package name/version and install source (avoid typosquatting).
3) Prefer running commands interactively so you can inspect connector IDs, connection prompts, and any proxied requests before executing them.
4) In headless or automated environments, review the CLI's local config and tokens created by membrane login to ensure they are stored where you expect.

Review Dimensions

Purpose & Capability
ok
The skill advertises Fly.io management and its SKILL.md consistently instructs the agent to use the Membrane CLI to connect to Fly.io and run actions or proxy API requests. The recommended dependency (the @membranehq/cli npm package) is coherent with the described functionality.
Instruction Scope
note
All runtime instructions are limited to installing/using the Membrane CLI, creating connections, listing actions, running actions, and proxying requests to the Fly.io API. The only broader capability is the documented 'membrane request' proxy, which lets you send arbitrary API calls through Membrane. This is expected for an integration but means you should trust Membrane for correct auth handling and not run proxy requests you don't review.
Install Mechanism
note
This is an instruction-only skill (no automatic install). It tells users to run a global npm install of @membranehq/cli. That is a reasonable and traceable installation method (public npm), but global npm installs modify the system PATH and you should verify the package name/version and source before running.
Credentials
ok
The skill declares no required environment variables or credentials and delegates authentication to Membrane via browser login and connector flows. The credentials it needs are proportional (handled by Membrane) and no unrelated secrets are requested.
Persistence & Privilege
ok
The skill does not request always:true and is user-invocable. It does not ask to modify system-wide agent settings or other skills. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.