Skill v1.0.0
ClawScan security
Momo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:23 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a Membrane CLI-based MoMo integration, but the SKILL.md asks you to install/run a CLI (npm package) while the registry metadata doesn't declare required binaries — a minor inconsistency to be aware of.
- Guidance: This skill looks like a straightforward integration that uses the Membrane CLI to talk to MoMo. Before installing: ensure you have Node/npm if you plan to follow the instructions (the registry metadata didn't list them), verify the @membranehq/cli package and the getmembrane.com / GitHub repo are legitimate, and be comfortable completing an interactive login in your browser. Installing a global npm CLI will add code to your machine — review the package source (GitHub) or run it in a controlled environment if you need higher assurance. If you don't want to install anything, ask the user whether you can use an existing Membrane connection or run actions via an approved service account instead.
Review Dimensions
- Purpose & Capability (note): The name/description (MoMo integration) match the instructions (use Membrane CLI to manage Records). Minor omission: the skill expects the 'membrane' CLI (installed via npm) and therefore Node/npm to be available, but the registry metadata lists no required binaries.
- Instruction Scope (ok): SKILL.md confines actions to installing and using the Membrane CLI (login, connect, list actions, run actions). It does not instruct reading unrelated files or asking for user API keys; it explicitly advises letting Membrane manage credentials.
- Install Mechanism (note): There is no formal install spec in the metadata, but the instructions recommend installing @membranehq/cli via npm (global install or npx). Installing from the public npm registry is a normal pattern for CLIs but does write code to disk and relies on an external package; this is moderate-risk compared with instruction-only skills that require no installs.
- Credentials (ok): The skill declares no required environment variables or credentials and the instructions avoid requesting secrets (relying on Membrane's login flow). Requested access (network + Membrane account) is proportionate to the described purpose.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable; it does not request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other concerning flags.
