Skill v1.0.2

ClawScan security

Gitea · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 2, 2026, 9:03 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent — it instructs the agent to use the Membrane CLI to talk to Gitea and does not request unrelated credentials — but it relies on a third‑party proxy (Membrane) and a global npm install which have privacy and supply‑chain implications you should consider.
Guidance
This skill looks coherent for integrating with Gitea via Membrane, but before installing or using it consider: 1) Membrane will act as a proxy and hold your Gitea credentials — review Membrane's security, privacy, and data retention policies and decide if you trust that third party with repository data and tokens. 2) The SKILL suggests installing @membranehq/cli globally (npm -g), which runs package install scripts and modifies system PATH — verify the package publisher and version, and prefer installing in a controlled environment if you're cautious. 3) Because the proxy can send arbitrary API requests, avoid sending highly sensitive data through it unless you've validated trust/permissions. If you need stronger guarantees, consider using a self‑hosted connector or direct API integration that you control. If you want, I can list concrete checks to vet the @membranehq/cli package and Membrane's security docs.

Review Dimensions

Purpose & Capability
ok: The name/description (Gitea integration) matches the instructions: all actions are performed via the Membrane CLI and Membrane connectors for Gitea. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope
note: Instructions are focused on installing the Membrane CLI, authenticating, creating/using connectors, running prebuilt actions, and proxying API requests. However, the proxy feature can be used to send arbitrary paths/requests through Membrane to the Gitea API — meaning data and API calls will flow through Membrane (not directly to the user's Gitea instance).
Install Mechanism
note: This is an instruction-only skill (no automatic install), but it recommends a global npm install (npm install -g @membranehq/cli). Global npm installs run package install scripts and add code to the system PATH — a normal choice for CLIs but a moderate supply‑chain/privacy risk that users should vet (package source, publisher, version).
Credentials
ok: The skill declares no required environment variables or credentials and explicitly advises against asking users for API keys. Instead it relies on Membrane to manage credentials server-side; this is proportionate to the stated purpose but centralizes secrets with the Membrane service, which has privacy implications.
Persistence & Privilege
ok: The skill does not request always:true and has no install hooks or config paths. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations. It does not try to modify other skills or system settings.