Skill v1.0.3

ClawScan security

Pabbly · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 22, 2026, 1:15 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions reasonably match a Pabbly integration via the Membrane CLI, but metadata omits required tooling and the runtime asks you to install a third‑party CLI (npm package) and to trust Membrane's service with your Pabbly connection — these gaps warrant caution.
Guidance
Before installing or using this skill:
1) Verify the origin — the repo/homepage mentioned (getmembrane.com and GitHub link) should match the publisher you trust; the registry owner ID is opaque here.
2) Be aware you'll be asked to install a global npm package (@membranehq/cli) — review that package on the npm registry and the linked GitHub code before installing.
3) Using this skill requires logging into Membrane and creating a Membrane connection to Pabbly; that gives Membrane server-side access to your Pabbly account/data, so confirm you trust Membrane and understand the permission scopes.
4) Because the registry metadata omitted required binaries, treat the SKILL.md's install commands as manual actions you should run and inspect yourself rather than allowing any automated install.
5) If you proceed, run the CLI manually, inspect what it does, and review the action/connection permissions that are granted; if possible, use least-privileged or test accounts for initial evaluation.

Review Dimensions

Purpose & Capability
concern: The SKILL.md describes a Pabbly integration driven entirely through the Membrane CLI, which is coherent with the stated purpose. However, the skill metadata declares no required binaries or credentials even though the instructions require npm/node (global install) and the Membrane CLI. The omission of those required tools in the metadata is an inconsistency.
Instruction Scope
note: Instructions stay within the Pabbly integration scope: install Membrane CLI, authenticate via membrane login, create/connect actions, list/run actions. The doc does not instruct reading unrelated files or exfiltrating secrets. It does, however, direct the user to perform interactive authentication and to rely on Membrane's server-side credential handling (which means trusting a third party).
Install Mechanism
concern: There is no formal install spec in the registry, but the SKILL.md instructs running 'npm install -g @membranehq/cli@latest' and uses 'npx'. Installing a global npm package pulls code from the public npm registry and writes to the system — this is a moderate-risk operation and should have been declared explicitly in the metadata.
Credentials
ok: The skill requests no environment variables and explicitly states that Membrane manages auth and credentials server-side, so local API keys are not required. That is proportionate to the described approach, though it means you must trust Membrane with access to your Pabbly data.
Persistence & Privilege
ok: The skill does not request 'always' presence and has no install-time persistence or system-wide configuration changes in its metadata. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.