Skill v1.0.1

ClawScan security

Leaseweb · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 11:11 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and requirements align with its stated purpose (it delegates Leaseweb access to the Membrane CLI), with no unexplained credential or filesystem access; the only noteworthy point is that it asks users to install an external npm CLI.
Guidance
This skill is coherent: it uses the Membrane CLI to access Leaseweb and does not ask for direct API keys. Before installing or running it, verify the Membrane CLI package (@membranehq/cli) on npm/GitHub (publisher, recent activity, release notes) and prefer a scoped or pinned version rather than 'latest'. Avoid running global installs from untrusted environments, and only connect accounts you trust to Membrane. If you must run this in an automated or high-privilege environment, review Membrane's privacy/security docs and consider isolating the CLI (container or dedicated machine) to limit blast radius.

Review Dimensions

Purpose & Capability
ok
The skill is described as a Leaseweb integration and all runtime instructions are about using the Membrane CLI to connect to Leaseweb, list/create/run actions, and manage connections. Requested capabilities match the description — no unrelated credentials, binaries, or paths are requested.
Instruction Scope
ok
SKILL.md confines runtime behaviour to installing/using the Membrane CLI, authenticating via Membrane, creating connections, discovering and running actions. It explicitly advises not to request API keys from users and does not instruct the agent to read unrelated files or environment variables.
Install Mechanism
note
There is no packaged install spec, but the instructions ask the user to run `npm install -g @membranehq/cli@latest`. Installing a global npm package is a common way to get a CLI but carries normal supply-chain considerations (postinstall scripts, privilege of global installs). This is proportionate to the stated purpose but worth verifying (package provenance, maintainer, and version) before running.
Credentials
ok
The skill declares no required environment variables or credentials and instructs that Membrane will manage auth server-side. It does not request unrelated secrets or broad environment access.
Persistence & Privilege
ok
`always` is false and the skill doesn't request persistent presence or modify other skills or system-wide configuration. Autonomous invocation is allowed (platform default) and is not combined with other red flags here.