Skill v1.0.3
ClawScan security
Neetoinvoice · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 12:49 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions match a Neetoinvoice integration via the Membrane CLI, but the skill metadata omits required tooling (npm/node and the membrane CLI) and asks you to install/run code from npm, so you should verify the CLI/package and trust Membrane before proceeding.
- Guidance: Before installing or running this skill:
  1. confirm you have (or are willing to install) node/npm and that you trust the @membranehq/cli package source—consider pinning a specific version rather than using @latest;
  2. understand that Membrane will hold and manage credentials and will act on your Neetoinvoice account, so review Membrane's privacy/security posture and permissions;
  3. if you are security-sensitive, run the CLI in an isolated environment (or inspect the package contents) before granting it access to production data; and
  4. ask the publisher to update the skill metadata to declare required binaries (node/npm and membrane) so the registry accurately reflects runtime needs.
- Findings
  - [no_code_files_or_scan_findings] (expected): This is an instruction-only skill with no local code files; the regex scanner had nothing to analyze. That is expected for a CLI-integration skill, but it also means runtime behavior depends entirely on the external Membrane CLI and service.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly requires the Membrane CLI (and by extension node/npm to install or run it) and a Membrane account, but the registry metadata lists no required binaries or credentials. That mismatch is incoherent: a runtime that depends on an external CLI and networked auth should declare those dependencies.
- Instruction Scope (ok): The instructions stay within the stated purpose: installing/using Membrane CLI to create connections and run actions against Neetoinvoice. The doc does not instruct the agent to read unrelated files, harvest local credentials, or post data to unexpected endpoints. It does require interactive auth (browser/code flow) and connection creation via Membrane.
- Install Mechanism (note): Install instructions use `npm install -g @membranehq/cli@latest` and `npx`. Using the npm registry is a common approach but has supply-chain risk, and 'latest' can change behavior. There is no download-from-arbitrary-URL, which is good, but installing/running an npm package executes third-party code and should be vetted/pinned.
- Credentials (note): The skill does not request local API keys or environment variables and explicitly advises letting Membrane handle credentials server-side. That is proportionate, but it means you must trust Membrane with access to your Neetoinvoice account and data—this is an operational/trust decision rather than a technical one.
- Persistence & Privilege (ok): The skill is instruction-only, has no install spec in the registry, and does not request `always:true` or system-wide config changes. It relies on Membrane for auth and runs commands when invoked; normal agent autonomy applies but there is no elevated privilege requested by the skill itself.
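The pin-and-inspect advice in the Guidance and Install Mechanism items above, worked through as an added example (this script is not part of the ClawHub report, the skill, or Membrane's tooling). It rejects the floating `@latest` spec the skill uses, and for an exact version fetches the tarball with `npm pack` rather than installing it, so the file list and any install-time lifecycle scripts can be read before the CLI ever runs. Assumptions: the package name `@membranehq/cli` is taken from the report, the version `1.2.3` is a placeholder and not a known release, and `npm pack --pack-destination` requires a recent npm.

```shell
#!/bin/sh
# Added example, not code from the ClawHub report, the skill, or Membrane.
# Vet an npm-distributed CLI before it is trusted to act on an account:
# refuse floating specs such as @latest, then pack (not install) the exact
# version so its contents and install-time scripts can be read first.
# Package name @membranehq/cli is from the report; version 1.2.3 below is a
# placeholder, not a known release.

# Print the package-name part of an npm spec (handles @scope/name).
spec_name() {
  spec="$1"
  rest="${spec#@}"                  # drop a leading scope marker before looking for "@version"
  case "$rest" in
    *@*) printf '%s\n' "${spec%@*}" ;;
    *)   printf '%s\n' "$spec" ;;
  esac
}

# Succeed only when the spec pins an exact X.Y.Z version. A missing version,
# a dist-tag (@latest, @next) or a range (^1.2.3) resolves to whatever the
# registry serves at install time, so all of those are rejected.
is_pinned_spec() {
  spec="$1"
  rest="${spec#@}"
  case "$rest" in
    *@*) ver="${spec##*@}" ;;
    *)   return 1 ;;                # no version at all: npm picks the "latest" tag
  esac
  printf '%s\n' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Network step: fetch the tarball with `npm pack` (nothing is installed and no
# lifecycle script runs), list its files, and surface any install-time hooks
# declared in package.json. Refuses to proceed on an unpinned spec.
inspect_package() {
  spec="$1"
  if ! is_pinned_spec "$spec"; then
    echo "refusing to fetch unpinned spec: $spec (use $(spec_name "$spec")@X.Y.Z)" >&2
    return 1
  fi
  work=$(mktemp -d) || return 1
  npm pack "$spec" --pack-destination "$work" >/dev/null || return 1
  for tarball in "$work"/*.tgz; do
    echo "== files in $tarball"
    tar tzf "$tarball"
    echo "== install-time scripts (these run with your privileges on npm install):"
    tar xzf "$tarball" -C "$work" package/package.json
    grep -E '"(pre|post)?install"[[:space:]]*:' "$work/package/package.json" \
      || echo "(none declared)"
  done
}

# Offline demonstration: the report's install spec versus pinned alternatives.
for s in '@membranehq/cli@latest' '@membranehq/cli' '@membranehq/cli@1.2.3'; do
  if is_pinned_spec "$s"; then
    echo "ok      $s"
  else
    echo "reject  $s -> pin as $(spec_name "$s")@X.Y.Z"
  fi
done
# Once the listing and scripts have been read, install only that exact version:
#   inspect_package '@membranehq/cli@1.2.3' && npm install -g '@membranehq/cli@1.2.3'
```

Pinning an exact version does not by itself make the package safe; it makes the thing you inspected the thing you install, and keeps a later compromised release from arriving silently through `@latest`. If the listing shows `preinstall`/`postinstall` scripts, read them before installing, or install with `--ignore-scripts` and accept that the CLI may need manual setup; either way, as the Guidance says, do the first run in an isolated environment before the CLI is connected to production Neetoinvoice data.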
