Skill v1.0.3
ClawScan security
Fondy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:12 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper that tells the agent to use the Membrane CLI to talk to Fondy; its requirements and instructions are consistent with that purpose and it doesn't request unrelated credentials or perform surprising actions.
- Guidance: This skill is instruction-only and delegates Fondy access to the third-party Membrane service/CLI. Before installing or using it: verify the @membranehq/cli package and the Membrane service (GitHub repo, npm package publisher, and privacy/security docs); prefer using npx to avoid a global install if you want less long-term footprint; understand that by creating a connection you are trusting Membrane to handle Fondy credentials and data access—review their data handling and access scope; and test with a limited or sandbox Fondy account if possible.
Review Dimensions
- Purpose & Capability: ok. The name/description (Fondy integration) matches the instructions, which direct the agent to use the Membrane CLI to connect to Fondy, list/create connections, discover actions, and run them. Nothing requested is unrelated to integrating with a payment gateway via Membrane.
- Instruction Scope: ok. SKILL.md only instructs use of the Membrane CLI (login, connect, action list/create/run). It does not ask the agent to read unrelated files, harvest environment variables, or send data to arbitrary endpoints beyond Membrane/Fondy APIs. It explicitly advises not to ask users for external API keys.
- Install Mechanism: ok. There is no automated install spec in the registry; SKILL.md suggests installing @membranehq/cli via npm or using npx. This is a standard public npm package flow and is proportionate to the stated purpose. Recommendation: prefer npx to avoid a global install if you want lower persistence.
- Credentials: ok. The skill declares no required environment variables, no primary credential, and no config paths. That is consistent because Membrane is described as handling auth server-side. There are no unexpected credential requests in the instructions.
- Persistence & Privilege: ok. The skill is not always-enabled and is user-invocable (default). It does not request permanent presence or modify other skills' configurations. Autonomous invocation is allowed by default but is not combined here with broad privileges or secrets access.
