v1.0.4

Lifterlms

Review

ClawScan verdict for this skill. Analyzed Apr 30, 2026, 5:09 PM.

Analysis

This skill is useful for LifterLMS work, but it asks users to install an unpinned global CLI, delegate credentials through Membrane, and allows destructive LMS actions without clear guardrails.

Guidance: Install only if you trust Membrane and are comfortable granting it access to your LifterLMS or WordPress data. Prefer a pinned CLI version, use a least-privileged account, verify the exact connection target, and require explicit confirmation before any create, update, delete, or direct API action.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low
Confidence: High
Status: Note
SKILL.md
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.

The skill allows instructions returned by the external connection flow to guide the agent. This is purpose-aligned for setup, but those instructions should not become higher authority than the user's request.

User impact: A provider response could influence how the agent proceeds during connection setup.
Recommendation: Treat provider-returned instructions as limited setup guidance and do not follow them if they expand the task, override the user, or request unrelated actions.

Tool Misuse and Exploitation
Severity: High
Confidence: High
Status: Concern
SKILL.md
Delete Course | delete-course | Deletes a course ... Delete Student | delete-student | Deletes a student ... send requests directly to the LifterLMS API

The skill exposes create/update/delete actions and direct API access, but the artifacts do not specify approval, scope limits, or safeguards for high-impact mutations.

User impact: The agent could modify or delete courses, lessons, memberships, or student records if invoked with the wrong action or input.
Recommendation: Require explicit user confirmation for create, update, delete, and proxy/API calls; preview target IDs and inputs before running destructive actions.

Agentic Supply Chain Vulnerabilities
Severity: Medium
Confidence: High
Status: Concern
SKILL.md
npm install -g @membranehq/cli@latest ... If no app is found, one is created and a connector is built automatically.

The skill relies on an unpinned global npm package and automatically built remote connectors, while the registry has no install spec to pin, verify, or constrain those components.

User impact: Users may install changing CLI code or rely on generated connector behavior that is not version-pinned in the skill artifacts.
Recommendation: Pin the Membrane CLI version, verify the package source, and review generated connector behavior before using it on sensitive or production LMS data.

Unexpected Code Execution
Severity: Low
Confidence: High
Status: Note
SKILL.md
npm install -g @membranehq/cli@latest ... npx @membranehq/cli connection get <id> --wait --json

The skill instructs the user to install and run npm-distributed CLI code. This is expected for a CLI-based integration, but it is local code execution that users should notice.

User impact: Installing or running the CLI can affect the local environment where the command is executed.
Recommendation: Run the CLI only in a trusted environment, prefer a pinned version, and avoid running it with unnecessary administrative privileges.

Cascading Failures
Severity: Medium
Confidence: High
Status: Concern
SKILL.md
Delete Course | delete-course | Deletes a course ... Delete Membership | delete-membership | Deletes a membership ... Delete Student | delete-student | Deletes a student

A wrong destructive action or ID could affect related LMS entities such as courses, memberships, enrollments, or student records, and the artifacts do not describe containment or rollback.

User impact: A single mistaken action could disrupt important LMS content or user records.
Recommendation: Back up important LMS data, confirm IDs and targets before mutations, and test on non-production data when possible.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High
Confidence: High
Status: Concern
SKILL.md
Membrane handles authentication and credentials refresh automatically ... "connect" — user needs to authenticate (OAuth, API key, etc.).

The skill requires delegated authentication and automatic credential refresh for an account that can perform LMS mutations, but it does not define least-privilege scopes, duration, or revocation handling.

User impact: A connected account may retain ongoing authority to access or change LifterLMS data through Membrane.
Recommendation: Use the least-privileged LifterLMS or WordPress account available, verify the Membrane tenant and connection, and revoke the connection when no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium
Confidence: High
Status: Concern
SKILL.md
This skill uses the Membrane CLI to interact with LifterLMS. Membrane handles authentication and credentials refresh automatically

The integration uses Membrane as a gateway for LifterLMS data and credentials, but the artifacts do not clearly define data boundaries, connector permissions, or how gateway-originated instructions should be constrained.

User impact: LifterLMS data and authentication flows may pass through a third-party gateway whose boundaries are not fully specified in the skill artifacts.
Recommendation: Use this only with a Membrane tenant you trust, verify the connection target, and avoid granting broader account access than the task requires.