Skill v1.0.3

ClawScan security

Microsoft Outlook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 11:47 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, requirements, and behavior are internally consistent with an Outlook integration that delegates auth and API calls to the Membrane CLI/service; it does not request unrelated credentials or attempt unexpected local access.
Guidance
This skill is coherent: it uses the Membrane CLI to connect to Outlook and does not ask for unrelated credentials. Before installing, decide whether you trust Membrane (getmembrane.com and the @membranehq/cli npm package) to handle your Outlook data and tokens, since authentication and API calls are handled server-side by Membrane. If you have policy or privacy concerns, review Membrane's privacy/security docs, verify the npm package publisher, or test the CLI in an isolated environment (VM/container) rather than installing it globally. No local secrets or unrelated system files are requested by the skill itself.

Review Dimensions

Purpose & Capability
ok: The skill claims to integrate with Microsoft Outlook and its instructions use the Membrane CLI to create connections and run Outlook-related actions. Required capabilities (network + Membrane account) match the stated purpose.
Instruction Scope
note: The SKILL.md only instructs installing and using the Membrane CLI, logging in, creating a connection for the microsoft-outlook connector, discovering and running actions. It does not instruct reading local files or unrelated environment variables. Note: authentication is delegated to Membrane and involves opening a browser or pasting a code, which results in token/connection state being managed server-side by Membrane.
Install Mechanism
note: There is no registry-level install spec, but the runtime instructions tell the user to install @membranehq/cli via npm (global install). Installing a third-party CLI from the public npm registry is expected for this integration but is a moderate-risk action (global npm installs change the system environment and execute third-party code).
Credentials
ok: The skill declares no required environment variables or local config paths and its instructions explicitly say 'never ask the user for API keys or tokens' because Membrane manages auth. Requested access is proportionate to an Outlook connector that relies on a third-party service for auth.
Persistence & Privilege
ok: The skill does not request always:true and is user-invocable. It does not attempt to modify other skills or system-wide settings. Autonomous invocation remains allowed (platform default) but is not combined with other concerning privileges.