Skill v1.0.3
ClawScan security
Hankoio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:27 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions align with its stated purpose (it uses the Membrane CLI to interact with Hanko.io), and there are no unexplained credential or install demands in the skill metadata.
- Guidance: This skill appears coherent: it uses the Membrane CLI to talk to Hanko.io and does not ask for unrelated credentials. Before installing or using it, consider:
  1. Verify the Membrane project and the npm package (@membranehq/cli) on npm/github to ensure you trust the publisher.
  2. Prefer using npx or a scoped/local install instead of a global -g install if you want to limit system-wide effects.
  3. Review the permissions and scopes requested during the Membrane login flow; Membrane will have access to connector data on your behalf.
  4. If you need stricter control, run the CLI in an isolated environment (VM/container) or request the user to perform authentication steps themselves and only share minimally necessary outputs.

  Overall the skill is internally consistent, but trust in the external Membrane service and the npm package is the primary operational risk.
Review Dimensions
- Purpose & Capability (ok): Name/description (Hanko.io integration) match the instructions: the SKILL.md consistently instructs the agent to use the Membrane CLI to connect to a hankoio connector and run actions. Required capabilities (network access and a Membrane account) are proportional to the stated purpose.
- Instruction Scope (ok): Runtime instructions are narrowly scoped to installing/using the Membrane CLI, logging in, creating a connection, discovering and running Membrane-managed actions. The SKILL.md does not instruct the agent to read unrelated local files, environment variables, or post data to unknown endpoints; it explicitly says not to ask users for API keys.
- Install Mechanism (note): This is an instruction-only skill (no install spec), but it tells users to run `npm install -g @membranehq/cli@latest` (or use npx). Fetching a CLI from the public npm registry is a reasonable install for this purpose, but installing global npm packages grants the package execution privileges on the host; users should review the package/source before installing.
- Credentials (ok): The skill declares no required env vars or credentials and relies on Membrane-managed authentication via interactive login. This is proportionate for a connector-based integration. Note that using Membrane routes auth through a third-party service, which will hold access to the target Hanko.io data on the user's behalf.
- Persistence & Privilege (ok): The skill does not request persistent presence (always:false) and has no install-time artifacts defined in the registry. Autonomous invocation is enabled by default (platform normal) but is not combined with broad credential requests or system modifications.
