Skill v1.0.3
ClawScan security
Orama · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 1:38 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions align with its stated purpose (it uses the Membrane CLI to manage Orama via a connector); nothing requested looks disproportionate or unrelated.
- Guidance: This skill delegates Orama operations to the Membrane service and instructs you to install and use the @membranehq CLI. That is internally consistent, but before installing or running it: (1) verify that the @membranehq npm package and the Membrane homepage are the legitimate projects you expect, (2) prefer npx for one-off runs instead of npm -g to avoid a global install, and (3) be aware that authenticating will involve the Membrane service (they handle credentials server-side), so using the skill will send connection/data metadata to that third party. If you need tighter control of credentials or on-premise execution, confirm Membrane's data handling and deployment options first.
Review Dimensions
- Purpose & Capability (ok): The skill describes an Orama integration and all runtime instructions use the Membrane CLI and an 'orama' connector, which is coherent: Membrane provides connectors/actions to manage Orama. The homepage and repository references point at Membrane-related projects rather than an unrelated service.
- Instruction Scope (ok): SKILL.md instructs the agent to install and invoke the Membrane CLI, create connections, list and run actions, and to use a browser-based login flow or headless code exchange. It does not instruct reading unrelated files, scanning system paths, or exfiltrating secrets beyond normal interactive login flows.
- Install Mechanism (note): There is no registry install spec (instruction-only), but the doc recommends installing @membranehq/cli via npm -g or using npx in examples. Installing a public npm package is expected here but carries the usual npm-global risks; consider using npx or verifying the package publisher before installing globally.
- Credentials (ok): The skill declares no required env vars or credentials. Authentication is performed via the Membrane login flow (browser or code exchange) rather than asking for API keys in the skill, which is proportionate to the described purpose.
- Persistence & Privilege (ok): `always` is false and the skill does not request permanent system presence or access to other skills' configuration. Autonomous invocation is allowed (platform default) but not combined with other red flags.
