Skill v1.0.5
ClawScan security
Microsoft Teams · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 9:14 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements match its Microsoft Teams integration purpose, but it depends on installing a third-party CLI (npm @membranehq/cli) which you should verify before installing.
- Guidance: This skill appears coherent for Microsoft Teams integration, but it relies on installing a third-party CLI (@membranehq/cli) and on a Membrane account. Before installing: 1) verify the npm package owner and repository (check @membranehq on npm and the GitHub repo), 2) prefer installing the CLI in an isolated environment or as a non-root user (avoid global installs if you can), 3) understand that the CLI will perform browser-based OAuth and will store tokens/config on your machine or Membrane account, and 4) only grant Teams access you intend to share. If you cannot verify the CLI/package source or do not trust the vendor, do not install the CLI or run the login flows.
Review Dimensions
- Purpose & Capability (ok): Name/description map to the actions described in SKILL.md (listing/sending messages, teams/channels management). The use of a connector/CLI (Membrane) to reach Microsoft Teams is coherent with the stated purpose.
- Instruction Scope (note): The SKILL.md stays on-topic: it instructs installing and using the Membrane CLI, authenticating via browser, creating/monitoring a connection, and listing/performing Teams actions. It does not instruct reading unrelated local files or other credentials. However, it asks the user/agent to install and run an external CLI and to complete interactive auth flows, which expands the runtime surface beyond the skill text itself.
- Install Mechanism (note): No registry install spec was provided, but SKILL.md tells users to run `npm install -g @membranehq/cli@latest` (a public npm package). npm global installs execute package code and modify system-wide PATH; this is expected for a CLI but is a moderate-risk step and should be vetted (check package ownership, integrity, and versions). There are no arbitrary URL downloads or archive extracts in the instructions.
- Credentials (note): The skill declares no required env vars or credentials in metadata. In practice the Membrane CLI will manage OAuth tokens and persist credentials (browser-based login, connection IDs). That behavior is expected for a connector but means tokens/config will be stored; the skill itself does not request unrelated secrets.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable. It does not request elevated platform privileges or modify other skills. The only persistence considered is installing a CLI (global npm) and storing auth tokens via the Membrane CLI, which is typical for such integrations.
