Skill v1.0.1
ClawScan security
Payfit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 11:17 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and behavior are coherent with a PayFit integration that uses the Membrane CLI; it asks for no unrelated credentials and does not contain hidden install scripts, but it does rely on installing a third‑party CLI at runtime.
- Guidance
- This skill appears internally consistent for integrating PayFit via the Membrane service. Before installing or running it, verify you trust the Membrane project and the npm package (@membranehq/cli) — installing a global CLI pulls code from the npm registry. Prefer installing the CLI in a sandboxed environment or review the package's source/release pages on GitHub. Use the browser-based auth flow rather than pasting tokens into chat, and avoid sharing the one-time auth code in untrusted channels. If you require an offline or audit-friendly setup, confirm how Membrane stores connection credentials and whether it meets your org's compliance requirements.
Review Dimensions
- Purpose & Capability
- ok: Name and description (PayFit integration) match the instructions: all actions use the Membrane CLI to connect to PayFit, discover actions, and run them. Nothing requested (no env vars, no config paths) is unrelated to integrating with PayFit.
- Instruction Scope
- ok: SKILL.md stays on-topic: it tells the agent to install and use the Membrane CLI, how to authenticate, create a connection to the PayFit connector, and discover and run actions. It explicitly advises not to ask users for API keys and does not instruct reading unrelated system files or secrets.
- Install Mechanism
- note: This is an instruction-only skill (no install spec), but the runtime docs instruct installing @membranehq/cli globally via npm (npm install -g ...). Installing a third-party npm CLI at runtime is a normal approach but carries the usual supply-chain/network risk of any npm global install; the skill itself does not bundle or download code.
- Credentials
- ok: The skill declares no required environment variables or credentials. Authentication is delegated to Membrane's hosted flow (browser auth/code exchange), which is proportionate for a connector-based integration.
- Persistence & Privilege
- ok: Flags show no forced always-on presence and no special OS restrictions. The skill does not request modifications to other skills or system-wide config. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
