Skill v1.0.3
ClawScan security
Linear · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 12:05 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is coherent with its stated purpose (it instructs the agent to use the Membrane CLI to talk to Linear), but there are small inconsistencies to be aware of (notably, the SKILL.md requires installing and using a CLI and npm, which the skill metadata does not declare).
- Guidance: This skill delegates Linear access to the Membrane service and instructs you to install the '@membranehq/cli' npm package and to log in with Membrane. Before installing or using it: (1) confirm you trust Membrane (homepage and GitHub repo are provided); (2) be aware that 'npm install -g' will add software to your system, so review the package source if unsure; (3) ensure you are comfortable granting Membrane access to your Linear data (Membrane will hold the auth); (4) the SKILL.md expects 'npm' and the 'membrane' binary, but the skill metadata doesn't declare required binaries, so make sure your runtime has npm available or install the CLI yourself. If you want lower risk, run the CLI in a sandbox or use a separate Membrane account with limited permissions.
Review Dimensions
- Purpose & Capability (note): The name and description match the instructions: the skill uses Membrane to manage Linear resources. However, the skill metadata declares no required binaries or env vars while the SKILL.md clearly expects an npm-installed 'membrane' CLI and network access, a mild mismatch.
- Instruction Scope (ok): Instructions stay within scope: they direct the user/agent to install and use the Membrane CLI, authenticate via the Membrane service, create a connection to Linear, discover and run actions, and avoid collecting raw API keys. The instructions do not ask the agent to read unrelated files, exfiltrate data, or access system credentials.
- Install Mechanism (note): There is no formal install spec (instruction-only). The SKILL.md tells the user to run 'npm install -g @membranehq/cli@latest', an npm global install from the public registry. That is an expected mechanism for a CLI but is higher-risk than a purely instruction-only skill because it writes code to the system; users should ensure they trust the '@membranehq/cli' package and have npm available.
- Credentials (ok): No environment variables or credentials are requested by the skill. The SKILL.md explicitly recommends letting Membrane manage credentials server-side and not asking users for API keys, which is proportional to the described purpose.
- Persistence & Privilege (ok): The skill does not request always:true or any privileged persistent presence and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but is not combined with other high-risk factors here.
