Skill v1.0.2
ClawScan security
Freshsales · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 2, 2026, 8:39 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to manage Freshsales CRM data but the package contains no code, no install steps, and declares no credentials or environment variables; that mismatch (and the implied use of an external Membrane account/proxy) makes its behavior unclear and potentially privacy-sensitive.
- Guidance: Before installing, verify how this skill obtains and stores Freshsales credentials and where data is sent:
  1. Inspect the full SKILL.md for exact network endpoints, OAuth or API-key instructions, and any instructions to paste secrets.
  2. Confirm whether authentication is handled by the Membrane service (getmembrane.com) and, if so, read their privacy/security documentation; your Freshsales data will likely pass through their servers.
  3. If the skill expects you to paste API keys or tokens at runtime, create a least-privilege API key and test on non-production data.
  4. If you require on-premises-only data handling, avoid skills that proxy data through third parties.
  5. If anything in SKILL.md instructs reading unrelated local files or environment variables, treat that as a red flag.
  If you can, contact the skill maintainer or the Membrane project for explicit auth and data-flow details. The absence of declared credentials in the registry is the main reason for caution.
Review Dimensions
- Purpose & Capability
  - concern: The skill's name and description say it integrates with Freshsales (a service that requires API credentials/OAuth). Yet the registry metadata lists no required environment variables, no primary credential, and no config paths. That absence is unexpected for a CRM integration and is inconsistent with the claimed purpose unless authentication is being handled outside the skill (e.g., via the Membrane platform).
- Instruction Scope
  - note: The SKILL.md is instruction-only and requires network access and a Membrane account; because there is no code, the runtime behavior depends entirely on the prose. The provided excerpt only shows an overview; the instructions may call external APIs or instruct the agent to forward user data to Membrane or Freshsales. The file should be inspected for explicit endpoints, auth flows, and any guidance to collect or send user files or secrets; the current metadata does not make those data flows explicit.
- Install Mechanism
  - ok: There is no install spec and no code files, so nothing will be downloaded or written at install time. This minimizes on-disk risk but shifts the importance to the runtime instructions and network calls.
- Credentials
  - concern: A CRM integration normally requires Freshsales credentials (API key/OAuth) or at least declares a primary credential. The absence of any declared env vars or primary credential is disproportionate to the stated function. It suggests either (a) credentials are expected to be provided interactively at runtime, (b) the skill relies on a Membrane-hosted proxy that stores credentials, or (c) the metadata is incomplete; each of these has different privacy/security implications that are not documented here.
- Persistence & Privilege
  - ok: The skill is not always-enabled and does not request elevated platform privileges in the metadata. As an instruction-only skill it cannot persist binaries or modify other skills by itself. Autonomous invocation is allowed by default (disable-model-invocation=false), which is normal, but combined with unclear data flows it increases the importance of reviewing how auth and network calls are performed.
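The Guidance steps and the Credentials dimension above describe a manual check: read SKILL.md for endpoints, secret-paste instructions and local file reads, then compare what the prose needs against what the registry metadata declares. The script below is an added example written for this page, not ClawHub or ClawScan code, that performs those checks statically over a constructed SKILL.md. The metadata shape (`env`, `primary_credential`), the proxy host `proxy.example.com`, the vendor domain list and the sample file contents are all assumptions made for the demonstration; the real Freshsales skill's SKILL.md is not reproduced here.

```python
"""Static pre-install checks for an instruction-only skill.

Hypothetical helper written for this page (not ClawHub/ClawScan code). It reads a
SKILL.md plus the registry metadata and reports the mismatches the scanner
verdict asks a reader to look for: third-party endpoints, undeclared env vars,
credentials mentioned but not declared, paste-your-secret instructions, and
reads of local files.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "concern" or "note", mirroring the scanner's labels
    dimension: str  # review dimension the finding belongs to
    detail: str


URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
ENV_VAR_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]{2,})\}?")
CREDENTIAL_RE = re.compile(r"\b(api[ -]?key|oauth|bearer token|access token)\b", re.I)
PASTE_SECRET_RE = re.compile(
    r"\b(paste|enter|type|provide)\b[^.\n]{0,60}?\b(api[ -]?key|token|secret|password)\b", re.I)
# Paths must not end on a '.', so a trailing full stop is not captured.
LOCAL_PATH_RE = re.compile(
    r"(~/\.(?:[A-Za-z0-9_./-]*[A-Za-z0-9_-])?|/etc/(?:[A-Za-z0-9_./-]*[A-Za-z0-9_-])?|\B\.env\b|\bid_rsa\b)")
SHELL_BUILTIN_VARS = {"HOME", "PATH", "USER", "PWD", "SHELL"}


def hosts_in(text):
    """Unique, lower-cased hosts of every http(s) URL in the text."""
    return sorted({m.group(1).lower() for m in URL_HOST_RE.finditer(text)})


def is_vendor_host(host, vendor_hosts):
    return any(host == v or host.endswith("." + v) for v in vendor_hosts)


def check_skill(skill_md, metadata, vendor_hosts):
    """Return findings for a SKILL.md checked against its registry metadata.

    Assumed metadata shape: "env" (list of declared variable names) and
    "primary_credential" (name or None). vendor_hosts are the domains the
    integration legitimately talks to; any other host is a proxy/third party.
    """
    findings = []
    declared_env = set(metadata.get("env") or [])
    has_primary = bool(metadata.get("primary_credential"))

    # Where does the data go? Any host outside the vendor's domains is a proxy.
    for host in hosts_in(skill_md):
        if not is_vendor_host(host, vendor_hosts):
            findings.append(Finding("note", "Instruction Scope",
                                    f"third-party endpoint {host}: your data will transit this host"))

    # Environment variables the prose relies on but the registry never declares.
    for var in sorted(set(ENV_VAR_RE.findall(skill_md)) - SHELL_BUILTIN_VARS):
        if var not in declared_env:
            findings.append(Finding("concern", "Credentials",
                                    f"{var} is used in SKILL.md but not declared in metadata"))

    # The mismatch the scanner flagged: credentials in the prose, none declared.
    if CREDENTIAL_RE.search(skill_md) and not declared_env and not has_primary:
        findings.append(Finding("concern", "Credentials",
                                "SKILL.md refers to credentials but metadata declares none"))

    # Instructions to paste secrets into the agent at runtime.
    paste = PASTE_SECRET_RE.search(skill_md)
    if paste:
        findings.append(Finding("concern", "Credentials",
                                f"instructs the user to paste a secret: '{paste.group(0)}'"))

    # Reads of local files unrelated to the integration are a red flag.
    for path in sorted(set(LOCAL_PATH_RE.findall(skill_md))):
        findings.append(Finding("concern", "Instruction Scope",
                                f"instructs the agent to read local path {path}"))
    return findings


def verdict(findings):
    """Collapse findings to a coarse verdict: review / note / ok."""
    if any(f.severity == "concern" for f in findings):
        return "review"
    return "note" if findings else "ok"


# Constructed sample input (not the real Freshsales SKILL.md); the proxy host,
# variable name and path are invented for the demonstration.
SAMPLE_SKILL_MD = """\
# Freshsales

Manage contacts and deals in your Freshsales CRM.

## Setup
Connect your account at https://proxy.example.com/connect and paste your Freshsales API key when prompted.
Requests are sent to https://proxy.example.com/v1/freshsales on your behalf.
Set $FRESHSALES_DOMAIN to your subdomain, e.g. acme.myfreshworks.com.
If the key is missing, read it from ~/.freshsales/credentials.
"""
SAMPLE_METADATA = {"env": [], "primary_credential": None}
VENDOR_HOSTS = {"myfreshworks.com", "freshsales.io"}  # assumed vendor domains

if __name__ == "__main__":
    results = check_skill(SAMPLE_SKILL_MD, SAMPLE_METADATA, VENDOR_HOSTS)
    for f in results:
        print(f"[{f.severity}] {f.dimension}: {f.detail}")
    print("verdict:", verdict(results))
```

On the sample the script reports one note (the proxy host) and four concerns (undeclared variable, credentials mentioned but not declared, a paste-your-key instruction, and a read of a local credentials file), which is the same "review" outcome the scanner reached from the metadata alone. Declaring the variable and a primary credential in the metadata removes only the two declaration findings; the proxy, the paste instruction and the local read remain, because those are properties of the prose that a registry declaration cannot fix.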
