Skill v1.0.5
ClawScan security
Trello · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 9:15 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement a Trello integration via the Membrane CLI, but its metadata does not declare the CLI dependency and the instructions ask you to install and trust a third‑party proxy service — this mismatch and the proxying behavior merit caution.
- Guidance: This skill uses the Membrane CLI and a Membrane account to act as a proxy to Trello, but the skill metadata does not declare that dependency — treat that mismatch as a red flag. Before installing or running it: (1) verify the Membrane project and npm package (`@membranehq/cli`) origins and integrity (check the package on npm, the GitHub repo, and the publisher identity); (2) be aware that you are granting Membrane tooling the ability to hold Trello auth and to proxy requests on your behalf — only proceed if you trust that service and understand which base URL/connection will be used; (3) prefer running the CLI in a controlled environment (not on a sensitive machine) and avoid granting broad org-level Trello credentials until you confirm the connector's behavior; (4) ask the skill provider to update the metadata to declare the CLI dependency and any required credentials for clearer auditing.
Review Dimensions
- Purpose & Capability (concern): The skill claims to be a Trello integration, but the runtime instructions require `@membranehq/cli` and a Membrane account; the declared metadata lists no required binaries or credentials. That is an incoherence: a Trello integration that depends on a CLI (and a third‑party service to manage auth and proxy requests) should declare that dependency and any expected credentials in the skill metadata.
- Instruction Scope (note): SKILL.md is focused on using Membrane to discover and run Trello actions and to proxy Trello API requests. It does not instruct reading unrelated files or environment variables. However, it explicitly allows issuing arbitrary proxied requests via `membrane request <CONNECTION_ID> /path`, which — depending on how connections are configured — could send arbitrary HTTP requests through the Membrane service. You should understand what the connection's base URL and permissions will be before running arbitrary proxied requests.
- Install Mechanism (concern): There is no install spec in the registry metadata, but SKILL.md instructs users/agents to run `npm install -g @membranehq/cli@latest`. Asking for a global npm install is a moderate-risk action and should be declared in metadata; the install source is npm (public registry), which is traceable, but the registry metadata omission is a mismatch and reduces transparency.
- Credentials (note): The skill metadata declares no required environment variables or primary credential. Runtime use requires a Membrane account and interactive login via `membrane login`, which will create and store credentials in Membrane's tooling. That is reasonable for a proxied integration, but it means you must trust Membrane to hold and relay Trello credentials — the skill itself does not request Trello API keys directly.
- Persistence & Privilege (ok): The skill is not set to `always: true` and does not request elevated platform presence. Autonomous invocation is permitted (the default), but that is normal for skills. The skill does not ask to modify other skills or system settings.
