Skill v1.0.3

ClawScan security

Linkedin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 21, 2026, 1:07 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's runtime instructions are coherent for a LinkedIn integration using the Membrane CLI, but the package metadata omits required tooling and account requirements and gives no install spec — these mismatches warrant caution before installing.
Guidance
This skill appears to be a legitimate LinkedIn integration that uses the Membrane CLI, but the metadata omits some runtime requirements. Before installing:

1) Confirm you are comfortable installing a global npm package (@membranehq/cli) — verify the npm publisher, package page, and recent versions; consider installing in a container or dedicated environment rather than your primary system.
2) Verify the Membrane service (getmembrane.com) and the referenced GitHub repo are trustworthy and match the package owner.
3) Expect to authenticate via a browser-based flow to a Membrane account (no API key requests expected), and ensure you are not asked to paste secrets into chat.
4) If you need stronger assurance, ask the publisher to update registry metadata to list required binaries (npm/node, membrane) and the Membrane account requirement, and provide package integrity information (signed release or checksum).

If those clarifications are provided, the skill would likely be classified as benign.

Review Dimensions

Purpose & Capability
note: The SKILL.md describes a LinkedIn integration that runs via the Membrane CLI (connecting to LinkedIn, listing/creating posts, comments, organizations). That matches the skill name and description. However, the metadata declares no required binaries or credentials while the instructions explicitly require npm (to install @membranehq/cli) and the Membrane account — a discrepancy.
Instruction Scope
ok: The instructions stick to installing/using the Membrane CLI and creating a connection to LinkedIn; they do not instruct the agent to read unrelated files, exfiltrate secrets, or call unexpected external endpoints beyond Membrane/LinkedIn.
Install Mechanism
concern: There is no formal install spec in the registry, but SKILL.md tells the user to run `npm install -g @membranehq/cli@latest` (global npm install). Installing a global npm package will write code to disk and run arbitrary JS; the metadata should have declared that requirement. The install source (npm) is a normal registry, but the lack of metadata and lack of integrity or publisher guidance is an inconsistency and an operational risk.
Credentials
note: The skill declares no required environment variables or credentials, and recommends letting Membrane handle auth server-side. That is proportionate for a connector. However, SKILL.md explicitly states a valid Membrane account and network access are required — these runtime requirements are not reflected in the registry metadata and should be declared.
Persistence & Privilege
ok: The skill is instruction-only, does not request always:true, and does not request system-wide config or other skills' credentials. Agent autonomous invocation is allowed (platform default), which is not by itself concerning given the limited footprint described.