Skill v1.0.3
ClawScan security
Idx Broker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 11:54 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions align with its stated IDX Broker integration purpose; it is an instruction-only adapter that relies on the Membrane CLI and does not request unrelated credentials or unusual system access.
- Guidance: This skill is internally consistent for connecting IDX Broker through Membrane. Before installing, verify you trust the @membranehq/cli npm package (check the publisher, package page, and repository), consider installing the CLI in an isolated environment or VM if you prefer, and review how the Membrane CLI stores tokens/credentials so you understand what account access it retains. If you want to limit risk, avoid global npm installs and limit the Membrane account permissions to least privilege needed for IDX Broker operations.
Review Dimensions
- Purpose & Capability: ok. The name/description (IDX Broker integration) match the instructions: it tells the agent/operator to use the Membrane CLI to authenticate, create a connection to the idx-broker connector, and call actions. Requiring the Membrane CLI and a Membrane account is coherent for a broker integration and no unrelated credentials or binaries are requested.
- Instruction Scope: ok. SKILL.md stays on-topic: it documents installing the Membrane CLI, performing login, creating a connection, listing connections, and searching/triggering actions. It does not instruct the agent to read arbitrary files, exfiltrate data, or access unrelated system configuration. The instructions rely on an interactive or headless OAuth flow presented by the CLI.
- Install Mechanism: note. Install instructions recommend `npm install -g @membranehq/cli@latest`. That is a standard distribution method for CLI tools but does execute code downloaded from the public npm registry (moderate risk). This is expected for a CLI-driven integration, but users should verify the package publisher and consider installing in a contained environment if they are cautious.
- Credentials: ok. The skill declares no required environment variables or credentials. Authentication is delegated to the Membrane CLI, which is a proportional design: the skill itself doesn't ask for unrelated secrets. Users should be aware that the Membrane CLI will store credentials/tokens according to its own behavior (not part of this skill).
- Persistence & Privilege: ok. The skill is instruction-only, has no install-time persistence, and does not set always:true. It does not request modification of other skills or global agent settings. Autonomous invocation is allowed by default (platform standard) but is not combined with other concerning privileges here.
