Skill v1.0.3
ClawScan security
Penneo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:28 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements line up with its stated purpose (Penneo via Membrane CLI); the main risks are installing an npm CLI (@latest/global) and trusting the external Membrane service for auth and data handling.
- Guidance: This skill appears coherent for integrating Penneo via Membrane, but before installing: 1) confirm you trust the Membrane project/getmembrane.com and the npm package owner (@membranehq); 2) prefer using npx or installing a specific, reviewed version instead of a global @latest to reduce supply-chain risk; 3) review the permissions and data Membrane will access for your Penneo connection and revoke connections when no longer needed; 4) avoid pasting sensitive local secrets into the CLI and verify the authorization URL is legitimate when completing login.
Review Dimensions
- Purpose & Capability: ok. The name/description (Penneo integration) matches the instructions: the SKILL.md uses the Membrane CLI to create connections and run actions against Penneo. No unrelated credentials or binaries are requested.
- Instruction Scope: ok. All runtime steps are limited to installing/using the Membrane CLI, logging in, creating a connection, and discovering and running actions. The instructions do not ask the agent to read arbitrary system files, harvest environment variables, or transmit data to unexpected endpoints.
- Install Mechanism: note. This is an instruction-only skill, but it tells the user to install @membranehq/cli via npm (global install or npx). Installing packages from npm is common and expected here, but using @latest/global increases risk (package compromise or unexpected updates). The skill provides no pinned version or checksum, and following the instructions will cause code to be written to disk.
- Credentials: ok. The skill declares no environment variables or credentials, and the README explicitly recommends letting Membrane handle auth rather than asking for API keys. Requested access is proportional to the purpose (network + Membrane account).
- Persistence & Privilege: ok. The skill is not always-enabled and is user-invocable. It instructs use of `membrane login`, which will store connection tokens in the Membrane CLI configuration (expected). There is no request to modify other skills or system-wide agent settings.
