Skill v1.0.2

ClawScan security

Oncehub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 2, 2026, 9:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it uses the Membrane CLI to access OnceHub and does not request unrelated credentials or access.
Guidance
This skill delegates OnceHub access to the Membrane service and asks you to install the Membrane CLI (npm install -g @membranehq/cli) and sign in via your browser. That is coherent for a connector plugin, but before proceeding: (1) confirm you trust Membrane (check its homepage/repository and privacy docs) because authenticating will grant it access to your OnceHub data; (2) prefer using npx or a scoped install if you do not want a global npm install; (3) review any permissions requested during the Membrane/OnceHub OAuth flow; and (4) avoid pasting local secrets—this skill's instructions explicitly say not to ask for API keys and to let Membrane manage credentials.

Review Dimensions

Purpose & Capability
ok
Name/description (OnceHub integration) align with the instructions: all runtime steps explain how to use Membrane to connect to OnceHub, list/run actions, and proxy API calls. Nothing requested appears unrelated to the stated purpose.
Instruction Scope
ok
SKILL.md only instructs installing and using the Membrane CLI, logging into Membrane, creating/listing connections, running actions, and proxying requests. It does not direct the agent to read arbitrary local files, harvest environment variables, or send data to unexpected endpoints.
Install Mechanism
note
The skill recommends installing @membranehq/cli globally via npm (a normal pattern for CLIs). This is an instruction-only skill (no registry install spec), so the actual install is performed by the user/environment. Installing an npm package runs third-party code from the npm registry (moderate risk); this is expected for a CLI-based integration but worth reviewing the package's reputation/source before installing.
Credentials
ok
The skill declares no environment variables or local credentials. It relies on Membrane to handle auth via browser-based login and connections, which is proportional to a connector-style integration. Note: authenticating gives Membrane (a third party) access to OnceHub data—this is expected but should be considered by the user.
Persistence & Privilege
ok
The skill is not always-enabled and is user-invocable. It does not request system-wide configuration changes or other skills' credentials. There is no instruction to modify other skills or agent configuration.