Skill v1.0.3
ClawScan security
Listclean · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 12:46 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions rely on installing and running the Membrane CLI (via npm/npx) but the skill metadata does not declare required binaries or an install step — this mismatch and the implied remote code execution are worth caution before installing.
- Guidance: This skill appears to be what it says (a Membrane-driven Listclean integration) but has an important mismatch: the runtime docs require the Membrane CLI and npm/node, yet the skill metadata does not declare any required binaries or an install step. Before installing or running commands:
  1. Verify you trust the @membranehq/cli npm package and the Membrane service (check the package on npm and the project's repo).
  2. Prefer pinning a specific CLI version rather than @latest (e.g., use an explicit version in npx).
  3. Be aware npx can run remote code; consider installing in an isolated environment or reviewing the package contents first.
  4. Confirm that Membrane's connector for Listclean exists and that you are comfortable having Membrane handle the auth/credentials.
  If you need full assurance, request that the publisher update the skill metadata to declare required binaries (node/npm and membrane) and include a pinned-install recommendation.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly requires the Membrane CLI (commands like `membrane`, `membrane login`, `membrane connect`, and usage of `npx @membranehq/cli@latest`). However, the skill metadata lists no required binaries or install spec. Node/npm and the membrane CLI are necessary to follow the instructions but are not declared — an incoherence between stated requirements and runtime instructions.
- Instruction Scope (note): The instructions stay within the stated purpose (interacting with Listclean via Membrane) and do not ask for unrelated files or environment variables. They instruct interactive or headless login flows and action discovery/creation via the Membrane CLI, which is consistent with the described integration.
- Install Mechanism (note): There is no registry install spec, but SKILL.md tells users to run `npm install -g @membranehq/cli@latest` and uses `npx` in examples. That requires installing a package from the public npm registry (moderate risk) and allows remote code execution via npx. The skill does not recommend pinning versions or verifying the package, which would reduce risk.
- Credentials (ok): The skill requests no environment variables or API keys and explicitly advises letting Membrane manage credentials server-side. The required account is a Membrane account, which is proportional to the stated function.
- Persistence & Privilege (ok): `always: false` and the skill is user-invocable. The skill does not request permanent presence or system-wide configuration changes in the SKILL.md. Autonomous invocation is allowed but not combined with other high-risk indicators.
