Skill v1.0.2
ClawScan security
Notion · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 8:39 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements align with a Notion integration implemented via the Membrane CLI; nothing requested is disproportionate to that purpose.
- Guidance: This skill appears to do what it claims (Notion access via Membrane). Before installing or using it:
  1. Verify the @membranehq/cli package and the vendor (getmembrane.com / GitHub repo) are legitimate and up-to-date on npm/GitHub.
  2. Be aware npm -g installs write to your system PATH; only run if you trust the package.
  3. When you run membrane login/connect you'll grant Membrane access to your Notion workspace — review requested scopes and use a least-privilege account if possible.
  4. Confirm where the CLI stores tokens/config locally (if you care about local persistence).
  5. If you need a higher assurance level, ask the publisher to add an explicit install spec and a list of persisted config paths or token storage locations.
Review Dimensions
- Purpose & Capability: ok. The name and description describe a Notion integration and the SKILL.md consistently instructs use of the Membrane CLI to access Notion. Required network access and a Membrane account are mentioned in the instructions and are appropriate for a proxy-based Notion integration.
- Instruction Scope: ok. The runtime instructions are narrowly scoped to installing and using the Membrane CLI to create connections, list actions, run actions, and proxy direct Notion API calls. The instructions do not ask the agent to read unrelated files, harvest other credentials, or send data to unexpected endpoints.
- Install Mechanism: note. The SKILL.md recommends installing @membranehq/cli via npm -g. That is a reasonable install for this workflow, but it is a third-party global npm package (moderate-risk install) and the skill registry entry did not include an install spec or explicit declaration of this requirement.
- Credentials: ok. No unrelated environment variables or config paths are requested. Authentication is handled interactively through Membrane (OAuth/browser flow), which is proportionate to integrating with Notion. Note: the CLI will likely persist tokens/config locally — the docs don't describe where or how long.
- Persistence & Privilege: ok. The skill is instruction-only (no code written by the registry) and does not request always:true. The only persistent side-effect would be installing and logging into the Membrane CLI (if the user chooses to do so). Autonomous invocation is allowed by platform default but is not combined with other concerning privileges here.
