Skill v1.0.1
ClawScan security
Leadconduit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 7:15 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper that tells the agent to use the Membrane CLI to interact with LeadConduit; its requirements and instructions are consistent with that purpose and do not ask for unrelated credentials or system access.
- Guidance: This skill appears coherent and limited to using the Membrane CLI to access LeadConduit. Before installing: (1) verify the npm package and the vendor (https://getmembrane.com / the GitHub repo) are legitimate; (2) prefer using `npx` for one-off runs instead of a global `npm -g` install if you want to avoid writing new binaries to your system; (3) confirm what permissions the Membrane connection will grant to LeadConduit data and only connect accounts you trust; and (4) follow the SKILL.md guidance not to paste API keys into chat — the CLI uses a browser/code flow for authentication.
Review Dimensions
- Purpose & Capability: ok. Name and description claim a LeadConduit integration and the SKILL.md directs use of the Membrane CLI to manage LeadConduit records. There are no unrelated environment variables, binaries, or config paths requested — the required pieces are proportional to the described integration.
- Instruction Scope: ok. Runtime instructions are limited to installing/running the Membrane CLI, authenticating (browser-based or code flow), creating connections, discovering and running actions, and polling for build state. The instructions do not tell the agent to read local files, exfiltrate data, or access unrelated system paths.
- Install Mechanism: note. There is no registry-level install spec, but SKILL.md instructs users to run `npm install -g @membranehq/cli@latest` or use `npx`. Installing a public npm CLI is a common pattern; this is moderate-risk compared to instruction-only skills because it results in code being installed. The package name matches the stated vendor/homepage, not an arbitrary URL.
- Credentials: ok. The skill declares no required environment variables or credentials. SKILL.md explicitly says Membrane handles auth server-side and advises not to collect API keys locally, which is consistent with its operation.
- Persistence & Privilege: ok. The skill does not request 'always' presence and does not modify other skills or system-wide settings. It relies on the CLI and user-driven auth flows. Autonomous invocation remains allowed by default but that is normal and not combined with other concerning privileges here.
