Skill v1.0.3
ClawScan security
Heartbeat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 12:24 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions align with its stated purpose: it is an instruction-only integration that uses the Membrane CLI to manage Heartbeat data and does not request unrelated credentials or hidden install steps.
- Guidance: This is an instruction-only integration that uses the Membrane CLI and your Membrane account to interact with Heartbeat. Before installing: 1) Verify you trust the @membranehq/cli npm package source (global npm installs run lifecycle scripts and modify your system PATH). 2) Understand that functionality requires you to run membrane login (interactive browser flow or copy-paste code) so no raw API keys are requested by the skill itself. 3) If you permit autonomous agent invocation, be aware the agent could create and run actions in your Membrane account—consider requiring user confirmation before the agent performs actions that modify remote state. If unsure, install and run the CLI in an isolated environment (or test account) first.
Review Dimensions
- Purpose & Capability (ok): The name/description (Heartbeat integration) matches the runtime instructions: all actions are performed via the Membrane CLI and a Membrane account. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope (ok): SKILL.md confines activity to installing and using the membrane CLI, creating/listing connections and actions, and running actions. It does not instruct reading local secrets, shell history, or arbitrary files, nor does it direct data to unexpected external endpoints other than Membrane.
- Install Mechanism (note): There is no formal install spec, but the documentation asks users to run a global npm install (npm install -g @membranehq/cli@latest). Using npm is a reasonable installation method for a CLI, but global npm installs can execute package lifecycle scripts and modify system-wide paths—so users should verify the package source and be comfortable installing a global CLI.
- Credentials (ok): The skill declares no required env vars or credentials. It relies on the user having a Membrane account and running membrane login interactively; this is proportionate to the functionality and the SKILL.md explicitly advises not to ask users for raw API keys.
- Persistence & Privilege (note): The skill is not forced-always and does not request system config paths. It will operate via network calls to Membrane and can create or run actions in the user's Membrane account. If you allow autonomous agent invocation, the agent could create/run actions server-side under your Membrane account, so consider whether you want to permit autonomous use without confirmation.
