Skill v1.0.1

ClawScan security

Pageclip · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 22, 2026, 11:09 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill generally matches its stated purpose (a Pageclip integration via the Membrane CLI) but the manifest omits key runtime requirements and install details, so the package metadata and instructions are not fully consistent.
Guidance
This skill appears to be a Pageclip integration that uses the Membrane platform. Before installing or running commands:
1) Know that SKILL.md expects you to have Node/npm (and will ask you to npm install -g @membranehq/cli or use npx) even though the manifest omits that — verify you are comfortable installing a global npm package from @membranehq.
2) The login flow opens a browser or uses a headless auth code; authentication and tokens are managed by Membrane (server-side).
3) Confirm getmembrane.com and the npm package publisher are legitimate and trustworthy (check the npm package page, GitHub repo, and reviews).
4) If you want stricter guarantees, ask the skill author to add an install spec or to declare required binaries (node/npm, membrane CLI) in the manifest, and to document exactly what data is sent to Membrane.
5) Because this is instruction-only (no code files), the static scanner found nothing — absence of findings is not proof of safety.

Review Dimensions

Purpose & Capability
note: The skill is an integration proxy for Pageclip implemented via the Membrane platform — that fits the skill name/description. However, the manifest declares no required binaries or env vars while the instructions rely on the Membrane CLI (installed via npm) and use npx in examples; this is an inconsistency between declared requirements and actual capabilities.
Instruction Scope
ok: SKILL.md instructs only to install and use the Membrane CLI, authenticate, create a connection to the Pageclip connector, discover actions, and run them. It does not instruct reading unrelated files, exfiltrating local secrets, or touching unrelated system paths. It does require interactive login or a headless auth flow, which is expected for an external service.
Install Mechanism
note: There is no install spec in the registry metadata even though SKILL.md instructs installing @membranehq/cli via npm (global) and uses npx in examples. Installing a package from the public npm registry is moderate-risk but common; the manifest should declare this runtime dependency (node/npm and the CLI) or provide an install spec. Verify the npm package and publisher before installing.
Credentials
ok: The skill itself requests no environment variables or local credentials and delegates auth to Membrane's service-side credential management, which is proportionate. Be aware the flow requires a Membrane account and will result in tokens managed by the remote Membrane service (not local env variables).
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges. It does allow normal autonomous invocation (platform default), which increases impact if the skill were malicious, but there are no additional persistence or cross-skill configuration actions described.