Skill v1.0.1

ClawScan security

Ordoro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 11:03 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and requirements are internally consistent: it delegates Ordoro access to the Membrane CLI and does not ask for unrelated credentials or system access.
Guidance
This skill is coherent: it asks you to use the Membrane CLI to manage Ordoro and does not ask for extraneous system access. Before installing, verify the @membranehq/cli package and repository on npm/GitHub to ensure you trust the publisher. Prefer using npx if you want to avoid a global install. Understand that installing a third-party CLI gives that package the ability to run code on your machine, so review its source or package metadata if you have concerns. Finally, authenticate via the official Membrane flow (do not paste API keys into chat) and confirm the Ordoro connector shown by Membrane is the official one.

Review Dimensions

Purpose & Capability
ok: The skill is an Ordoro integration and all runtime instructions target the Membrane CLI to create connections and run actions against Ordoro. Requesting a Membrane account and CLI is coherent with the stated purpose.
Instruction Scope
ok: SKILL.md only instructs the agent to install/use the Membrane CLI, authenticate via Membrane, create a connection to the Ordoro connector, search for and run actions, and avoid asking users for API keys. It does not instruct reading unrelated files, harvesting env vars, or sending data to unexpected endpoints.
Install Mechanism
note: There is no formal install spec; the doc tells users to run `npm install -g @membranehq/cli@latest` (or use npx). Installing a third-party npm CLI is a common approach but carries the usual npm package risk (supply-chain or malicious package). The instructions do not use raw download URLs or archives.
Credentials
ok: The skill declares no required environment variables or secrets and explicitly advises letting Membrane manage credentials. The requested access (a Membrane account + interactive login) is proportional to the integration.
Persistence & Privilege
ok: The skill does not request always-on presence and uses default agent invocation. It does not ask to modify other skills or system-wide config. Autonomous invocation is allowed by default and is not a specific additional privilege here.