Skill v1.0.1
ClawScan security
Littledata · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:11 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: Instructions, requirements, and actions are coherent with a Littledata integration that uses the Membrane CLI; nothing requested or instructed appears disproportionate to that purpose.
- Guidance: This skill appears coherent: it expects you to install and use the official Membrane CLI to connect to Littledata and run actions. Before installing, verify the @membranehq/cli package on the npm registry and the linked repository (https://github.com/membranedev/application-skills) to ensure it is the legitimate project. Be aware that npm install -g writes a global binary; avoid doing this on locked-down or production machines without review. Authentication is interactive (browser or copy-paste code); the skill explicitly says not to ask for API keys, which is good. Expect to perform a manual login step when first connecting. If you need to run this entirely headless or in an automated environment, verify the CLI's headless auth flow and consider the security posture of storing any resulting tokens. If any part of the install or repository looks different from the official Membrane project, do not proceed.
Review Dimensions
- Purpose & Capability (ok): The skill is presented as a Littledata integration and all runtime instructions center on using the Membrane CLI to connect to Littledata and run pre-built actions. Requiring a Membrane account and network access is appropriate and proportional.
- Instruction Scope (ok): SKILL.md stays on-topic: it instructs installing/using the Membrane CLI, performing interactive login, creating a connection, discovering and running actions, and recommends using --json. It does not ask the agent to read unrelated system files, harvest local secrets, or contact unexpected endpoints.
- Install Mechanism (note): There is no formal install spec in the skill metadata, but SKILL.md tells users to run npm install -g @membranehq/cli@latest (and suggests npx for ad-hoc commands). Installing a public npm CLI is a reasonable approach but is a moderate-risk action compared with an instruction-only skill because it writes a global binary; users should verify the package source/repository before installing.
- Credentials (ok): The skill requests no environment variables or local config paths. Authentication is handled interactively by Membrane (browser-based auth or headless code flow), which aligns with the stated design and the guidance to avoid asking users for API keys or tokens.
- Persistence & Privilege (ok): The skill does not request persistent or elevated platform privileges (always:false). It does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with other concerning behaviors.
