Skill v1.0.2
ClawScan security
Openai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 8:41 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper for the Membrane CLI to manage OpenAI resources; its requirements and instructions are generally coherent with that purpose.
- Guidance: This skill is a set of instructions for using the Membrane CLI to access OpenAI resources; it does not include code or ask for API keys. Before installing or using it: (1) verify you trust Membrane (the skill will direct authentication through Membrane, which will hold your OpenAI credentials and can proxy API requests); (2) ensure you have Node/npm available because the docs require a global npm install even though metadata doesn't declare it; (3) review the @membranehq/cli package source (GitHub/npm) if you want to audit what the CLI does during login and proxying; (4) be mindful that the 'membrane request' proxy can send arbitrary API calls on your behalf — only create connections to services you trust. If any of these are unacceptable, do not install or use the skill.
Review Dimensions
- Purpose & Capability (note): The name/description claim an OpenAI integration and the SKILL.md consistently instructs use of the Membrane CLI to manage OpenAI Assistants, Files, and proxy requests. Minor mismatch: the skill metadata declares no required binaries while the runtime docs tell the user to install a global npm package (@membranehq/cli), which implies Node/npm are required but are not listed in metadata.
- Instruction Scope (ok): Instructions focus on using the Membrane CLI to create connections, list actions, run actions, and proxy requests to OpenAI. They do not instruct the agent to read unrelated files or environment variables, nor to transmit data to unexpected endpoints beyond the declared Membrane proxy flow.
- Install Mechanism (note): This is an instruction-only skill (no install spec). The SKILL.md asks the user to install @membranehq/cli via npm -g (npm registry). That is a user-driven install (no arbitrary download URLs), but the skill metadata does not declare the implied dependency on Node/npm.
- Credentials (ok): No environment variables or credentials are requested by the skill. The instructions explicitly advise letting Membrane handle credentials rather than asking the user for keys, which is proportionate to the stated purpose. Be aware that Membrane will hold the service credentials on the backend when you create a connection.
- Persistence & Privilege (ok): Skill is not always-on and allows normal autonomous invocation. It does not request persistent system privileges or modify other skills' configs according to the provided metadata.
