Skill v1.0.1
ClawScan security
Krayin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 7:26 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, requirements, and actions are coherent with its stated purpose (a Krayin integration mediated by the Membrane CLI); it asks the user to install and use Membrane rather than requesting unrelated credentials or performing unexpected actions.
- Guidance: This skill delegates all work to the Membrane CLI/service. Before installing or using it: (1) confirm you trust the @membranehq/cli npm package and consider inspecting the package or using npx rather than a global install; (2) understand that data and auth flows will go through Membrane's servers (review their privacy/security docs at getmembrane.com); (3) avoid pasting unrelated secrets into the CLI prompts; and (4) if you are concerned about running third-party CLIs, consider running the workflow in an isolated VM or container.
Review Dimensions
- Purpose & Capability (ok): The skill claims to integrate with Krayin and the SKILL.md consistently delegates integration work to the Membrane CLI/service. Requiring a Membrane account and CLI is appropriate for this design; there are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope (ok): Runtime instructions are limited to installing and using the Membrane CLI, creating a connection, discovering actions, creating and running actions, and polling status. The instructions do not direct reading arbitrary local files, accessing unrelated env vars, or transmitting data to endpoints other than the Membrane service. They explicitly advise not to ask users for API keys and to let Membrane handle auth.
- Install Mechanism (note): The skill instructs installing @membranehq/cli via npm (global install or npx). This is a common, expected mechanism for CLI-based integrations but carries the usual caveat: npm packages execute code from the registry. The install instruction is proportional to the skill's design but users should vet the package source or run it in an isolated environment if concerned.
- Credentials (ok): No environment variables or credentials are required by the skill itself. Authentication is performed interactively through Membrane (browser flow / authorization code), which is consistent with the skill's claim that Membrane manages credentials server-side. There are no disproportionate credential requests.
- Persistence & Privilege (ok): The skill is instruction-only and does not request always: true or other elevated persistence. It does not instruct modifying other skills or system-wide configurations. Normal autonomous invocation is allowed by platform defaults but not requested by the skill itself.
