Skill v1.0.2
ClawScan security
Paypal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 8:41 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are internally consistent with a PayPal integration that uses the Membrane CLI; nothing requests unrelated credentials or system access, though there are minor documentation/packaging inconsistencies to verify before installing.
- Guidance: This skill appears coherent and focused on using the Membrane CLI to access PayPal. Before installing or using it: (1) confirm you trust the @membranehq/cli npm package and the Membrane service (verify publisher, package repo, and homepage); (2) be aware you will need a Membrane account and will authenticate via a browser flow that grants Membrane access to your PayPal data—review the requested OAuth scopes in that flow; (3) the SKILL.md requires installing a global npm CLI even though metadata lists no required binaries, so ensure your environment policy allows that and that you audit the CLI before installation; (4) if you need to run this in an automated/CI environment, review Membrane's headless login flow and the security of any tokens it persists. If any of these points are unacceptable, do not install or grant account access.
Review Dimensions
- Purpose & Capability (note): The skill claims to integrate with PayPal via Membrane, and the SKILL.md consistently documents Membrane CLI usage and PayPal actions. Minor inconsistency: registry metadata lists 'Required binaries: none', but the runtime instructions require the 'membrane' CLI to be installed and executable.
- Instruction Scope (ok): All runtime instructions are limited to installing and using the Membrane CLI, creating connections, listing and running actions, and proxying requests to PayPal. The instructions do not ask the agent to read unrelated files or environment variables, or to exfiltrate data outside Membrane/PayPal flows.
- Install Mechanism (note): The skill is instruction-only (no install spec), but SKILL.md tells users to run 'npm install -g @membranehq/cli'. Installing a public npm CLI is a normal step but carries the usual supply-chain risk of npm packages—verify the package name/maintainer before installing and prefer audited environments.
- Credentials (ok): The skill requests no environment variables or credentials itself and explicitly delegates authentication to Membrane (browser OAuth flow). That is proportionate for a connector that proxies to PayPal; it does not ask for unrelated secrets.
- Persistence & Privilege (ok): The skill is not always-enabled and does not include install-time scripts or code that would persist or modify other skills. Autonomous invocation is allowed (platform default), but there are no added persistence mechanisms or privilege escalations in the package.
