v1.0.2

Libraria

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:43 AM.

Analysis

The skill appears to be a legitimate Libraria integration, but it gives the agent broad authenticated ability to run Libraria actions, including deletion and raw API requests.

Guidance: Install only if you trust Membrane and need an agent to manage Libraria data. Before use, require explicit confirmation for deletes, updates, additions, or raw API calls, verify the Membrane CLI package, and know how to revoke the Libraria/Membrane connection.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
When the available actions don't cover your use case, you can send requests directly to the Libraria API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE).

The skill documents a broad authenticated API proxy, including mutating and deleting methods, without clear limits or explicit confirmation requirements.

User impact: An agent using this skill could make unintended changes or deletions in the user's Libraria account if a request is misinterpreted or insufficiently reviewed.
Recommendation: Require explicit user confirmation before any POST, PUT, PATCH, DELETE, or delete-document action; prefer scoped Membrane actions over raw proxy requests and document safe rollback steps.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
npm install -g @membranehq/cli

The setup requires installing an unpinned global npm CLI package, while the registry metadata lists no install specification or required binary.

User impact: A global CLI install affects the local environment and depends on the npm package source and version available at install time.
Recommendation: Install the CLI only from the trusted npm package, consider pinning or verifying the version, and expect the skill metadata to declare the CLI dependency.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Membrane handles authentication and credentials refresh automatically... The user completes authentication in the browser.

The skill relies on delegated Membrane/Libraria authentication and ongoing credential refresh, which is expected for the integration but sensitive.

User impact: Connecting an account gives the Membrane CLI delegated access to Libraria data and actions until the connection is revoked or expires.
Recommendation: Use only the intended Libraria account, review what the connection can access, and revoke the Membrane connection when it is no longer needed.