Skill v1.0.3
ClawScan security
Outreach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 11:46 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are internally consistent: it delegates Outreach access to the Membrane CLI/service and only asks the user to install and authenticate that CLI; there are no unexplained credential or system accesses.
- Guidance: This skill appears to do what it says: it uses the Membrane CLI to access Outreach. Before installing/using it, consider: 1) You will install a global npm package (@membranehq/cli); review that package's source and publisher and be aware of npm supply-chain risk. 2) Authentication and credentials for Outreach are handled by Membrane, so you must trust Membrane to store and use those tokens; review their privacy/security docs and consider using a least-privilege Outreach account. 3) The CLI will send action descriptions and data to Membrane's service (your queries and some data may be transmitted); avoid sending sensitive PII unless you are comfortable with that. 4) If you don't want the agent to call the skill autonomously, disable autonomous invocation or require user confirmation in your agent settings.
Review Dimensions
- Purpose & Capability (ok): The name/description (Outreach integration) match the runtime instructions: the skill instructs the agent to use the Membrane CLI to connect to Outreach and run actions. Required capabilities (network access, a Membrane account, and the Membrane CLI) are coherent with the stated purpose.
- Instruction Scope (note): SKILL.md stays on-topic: it documents installing and using the Membrane CLI to create/list connections and run Outreach-related actions. It does not instruct reading unrelated system files or unrelated environment variables. Note: using the CLI means user queries, connection metadata, and action descriptors are sent to Membrane's service (the skill expects Membrane to build/run actions), so user data and credentials are transmitted to that third-party service.
- Install Mechanism (note): No registry install spec exists; instead the README instructs installing @membranehq/cli via npm (-g). This is a public npm package install (moderate supply-chain risk compared with no install). The recommendation to install a global CLI is expected for this type of integration but requires trusting the npm package and its maintainer.
- Credentials (ok): The skill does not request unrelated environment variables or credentials. It requires a Membrane account and an Outreach connection (auth happens via Membrane). That is proportionate to the purpose, but it does mean you must trust Membrane to manage/store Outreach credentials and tokens.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; it does not request persistent platform privileges or modifications to other skills. Autonomous invocation is allowed by default but not combined with any other high-risk factor here.
