Skill v1.0.1

ClawScan security

Otter Waiver · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 9:30 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions align with its stated purpose: it is an instruction-only integration that expects you to use the Membrane CLI to connect to Otter Waiver and does not request unrelated credentials or system access.
Guidance
This skill appears coherent for integrating Otter Waiver via Membrane. Before installing or following the instructions, consider: (1) you will need a Membrane account and must trust getmembrane.com to store and manage Otter Waiver credentials; (2) installing the CLI uses npm (supply-chain risk and requires file system access); prefer npx for one-off commands or pin a specific CLI version if you need reproducibility; (3) verify the @membranehq npm package and the Membrane homepage/repository match your expectations; (4) do not share your Otter Waiver credentials directly with the agent—use the connection/login flow as described. If you need higher assurance, review the Membrane CLI source or use an environment where you can audit the installed package before use.
Findings
[no-regex-findings] expected: The static regex scanner found nothing because this is an instruction-only skill (SKILL.md). That is expected; runtime behavior depends on the Membrane CLI and the external login flow.

Review Dimensions

Purpose & Capability
ok: The name/description (Otter Waiver integration) match the runtime instructions: they tell the agent to install/use the Membrane CLI, create a connection to the otter-waiver connector, discover and run actions. Nothing in the SKILL.md asks for unrelated capabilities (no cloud credentials, no access to unrelated services).
Instruction Scope
ok: Instructions are scoped to installing/using the Membrane CLI, logging in, creating a connection, discovering and running actions. They do not instruct the agent to read local secrets, system config paths, or exfiltrate data to unexpected endpoints. They do require network access and a Membrane account (documented).
Install Mechanism
note: There is no automated install spec in the registry (lowest risk). The SKILL.md recommends installing @membranehq/cli from npm (npm -g or npx). This is coherent for a CLI-based integration but carries the usual supply-chain considerations: installing packages from npm and using the unpinned '@latest' tag can change behavior over time. The recommendation to use npx is safer for one-off runs.
Credentials
ok: The skill requests no environment variables or local credentials; authentication is performed via Membrane's login flow (browser-based or headless code exchange). This is proportionate to the stated purpose. Note that using this skill requires trusting Membrane (getmembrane.com) to manage Otter Waiver credentials server-side.
Persistence & Privilege
ok: The skill is not always-enabled and uses normal autonomous-invocation defaults. It does not request persistent system-wide changes or access to other skills' configurations. No elevated privileges are requested in the metadata or instructions.