Skill v1.0.3

ClawScan security

Mindspun · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 1:35 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This instruction-only skill is internally consistent: it tells the agent to install and use the Membrane CLI to interact with Mindspun and does not request unrelated credentials or access.
Guidance
This skill appears coherent, but take ordinary precautions before installing and using the recommended CLI: verify the @membranehq/cli package on npm and the provided homepage/repo match the vendor you expect; be aware global npm installs run code during install—use npx if you prefer not to install globally; understand that using the CLI will route Mindspun access through Membrane (your connection and data will be accessible to that service), so consider using a dedicated account or least-privilege connection for sensitive data. If you need higher assurance, confirm the connector and CLI source code on the linked GitHub repository before proceeding.

Review Dimensions

Purpose & Capability
ok: The skill name and description (Mindspun integration) align with the instructions: it uses the Membrane CLI and a Mindspun connector to list/create/run actions. Nothing required or suggested (no extra env vars, binaries, or unrelated services) contradicts the stated purpose.
Instruction Scope
ok: SKILL.md confines the agent to installing/using the Membrane CLI, logging in, creating/listing connections and actions, and running actions. It does not instruct the agent to read arbitrary local files, harvest unrelated env vars, or send data to unexpected endpoints. The only potentially notable behavior is the interactive/headless auth flow that requires the user to complete an OAuth-style login in a browser.
Install Mechanism
note: No install spec in the registry; SKILL.md recommends npm install -g @membranehq/cli or using npx. Installing a global npm CLI is a common, moderate-risk operation (npm packages can execute install scripts). The recommendation uses a public npm package and official-looking domains (getmembrane.com, github.com/membranedev). There are no downloads from obscure URLs or archive extraction instructions.
Credentials
ok: The skill declares no required env vars or credentials and explicitly instructs to use Membrane to handle credentials rather than asking for API keys. That is proportionate to a connector-based integration.
Persistence & Privilege
ok: The skill is instruction-only (no code files), does not request always:true, and does not instruct modifying other skills or system-wide configs. Autonomous invocation is allowed by default for skills and is not combined here with other red flags.