Skill v1.0.1

ClawScan security

Mailgun · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 3:09 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent: it documents using the Membrane CLI to interact with Mailgun and does not request unrelated credentials or perform unexpected actions.
Guidance
This skill is an instruction-only adapter that uses the Membrane CLI to talk to Mailgun. Before installing or following the steps: (1) review the @membranehq/cli package and its GitHub/npm pages to ensure you trust the publisher, (2) be aware that `npm install -g` will install a global binary on your system, (3) understand that Mailgun credentials will be managed by your Membrane account/CLI (so review Membrane's authentication and storage policies), and (4) only run the interactive `membrane login` flow you initiated — don't paste authentication codes into unknown places. If you need to avoid installing software, consider whether a different Mailgun integration that uses only direct API calls (and explicit API keys you control) is preferable.

Review Dimensions

Purpose & Capability
ok: Name/description (Mailgun integration) align with the instructions: the SKILL.md describes using the Membrane CLI to list/create Mailgun resources and manage actions. The requirement to use Membrane and a Membrane account is reasonable for this integration.
Instruction Scope
note: Instructions stay within the Mailgun integration boundary (install Membrane CLI, login via Membrane, connect the mailgun connector, list and run actions). The doc asks the user to perform interactive login (browser/code exchange) and to install a global npm package — both are expected but are actions the user must perform manually and that modify the host environment.
Install Mechanism
note: No formal install spec is included (instruction-only), but SKILL.md directs users to run `npm install -g @membranehq/cli@latest`. Using a public npm package is traceable but carries the usual npm risks (supply-chain/backdoor risk); this is proportionate for a CLI-based integration, but it is worth reviewing the package source before installing globally.
Credentials
note: The skill declares no required env vars or credentials. Authentication is delegated to the Membrane CLI and Membrane account; this is consistent but means Mailgun credentials and tokens will be managed/stored by Membrane (outside the skill). Users should verify Membrane's auth/storage practices before granting access to their Mailgun account.
Persistence & Privilege
ok: The skill does not request always:true and makes no system-wide config changes itself (instruction-only). It allows autonomous invocation (platform default), which is expected for skills; no extra persistence or elevated privileges are requested.