ClawHub
Back to skill
v1.0.4

Mattermost

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:23 AM.

Analysis

This is a coherent Mattermost integration, but it gives the agent broad authenticated ability to call Mattermost APIs, including write and delete operations, so it needs careful review before installation.

GuidanceInstall only if you trust Membrane and the npm CLI source, connect a least-privilege Mattermost account, and require explicit confirmation before the agent posts, edits, deletes, moderates, or changes workspace settings.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
When the available actions don't cover your use case, you can send requests directly to the Mattermost API through Membrane's proxy... `-X, --method` | HTTP method (GET, POST, PUT, PATCH, DELETE).

The skill exposes a broad authenticated API escape hatch, including destructive methods, without documented user confirmation, scoping, rollback, or containment requirements.

User impactAn agent using this skill could make or delete Mattermost content, users, channels, or settings depending on the connected account's permissions.
RecommendationUse a least-privilege Mattermost connection and require explicit user approval before any write, delete, moderation, or administrative request.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
npm install -g @membranehq/cli@latest

The setup uses a globally installed npm CLI at the latest version. This is central to the stated Membrane workflow, but it means the installed code comes from the current npm package rather than a pinned reviewed version.

User impactInstalling the CLI globally gives that package local command execution capability on the user's machine.
RecommendationInstall the CLI only from the expected publisher, consider pinning a reviewed version, and avoid running it with elevated privileges.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
Membrane handles authentication and credentials refresh automatically... Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers.

The skill depends on delegated Membrane and Mattermost authentication. This is expected for the integration, but it grants the agent actions under the user's connected account.

User impactThe agent may be able to access or modify Mattermost data to the same extent allowed by the connected credentials.
RecommendationConnect only accounts with the minimum permissions needed, and review what Mattermost workspace or server is being connected.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
you can send requests directly to the Mattermost API through Membrane's proxy... injects the correct authentication headers

Mattermost requests and authenticated access are routed through the Membrane service as a gateway. This is disclosed and purpose-aligned, but it is an important data and trust boundary.

User impactMattermost request data and responses may pass through Membrane, so sensitive workspace content could be exposed to that integration path.
RecommendationUse this only if Membrane is an approved service for the Mattermost workspace's data sensitivity, and avoid sending unnecessary sensitive content.