Skill v1.0.3
ClawScan security
Gigasheet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 2:06 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it uses the Membrane CLI to access Gigasheet, requests no unrelated credentials, and its instructions align with the stated purpose.
- Guidance: This skill appears to do what it says: it delegates Gigasheet access to the Membrane CLI and asks you to authenticate through the browser. Before installing:
  - Verify the @membranehq/cli package and publisher on the npm registry and review its repository (the SKILL.md references a GitHub org). Prefer to audit the package or install in a controlled environment (container or VM) if you’re unsure.
  - Understand that Membrane will mediate authentication and therefore will have access to the Gigasheet connection (i.e., trust the Membrane service).
  - Do not paste auth codes or secrets into untrusted UIs; the headless flow requires entering a code returned by the browser — only enter it into the CLI you invoked.
  - If you need higher assurance, ask the skill publisher for the exact npm package checksum or a vetted install mechanism, or request source code for review.
Review Dimensions
- Purpose & Capability (ok): Name/description (Gigasheet integration) match the runtime instructions: all actions are performed via the Membrane CLI and the skill does not request unrelated credentials or system access.
- Instruction Scope (ok): SKILL.md only instructs installing and using the Membrane CLI, performing authentication via browser/headless flow, creating connections, searching for and running actions, and handling JSON output. It does not ask the agent to read unrelated files, system config, or environment variables.
- Install Mechanism (note): There is no packaged install spec (instruction-only). The doc tells users to run 'npm install -g @membranehq/cli@latest' — a normal, expected step but one that installs a global npm package (moderate risk). This is proportionate to the stated purpose but you should verify the npm package and the publisher before installing on important or shared machines.
- Credentials (ok): The skill declares no required env vars, no primary credential, and the instructions explicitly state Membrane handles credentials server-side. No unrelated secrets or config paths are requested.
- Persistence & Privilege (ok): always is false and there are no install-time hooks or requests to modify other skills or global agent settings. The skill does require installing a CLI, which will persist on the system if installed by the user, but that is within expectations for this integration.
