Skillv1.0.3

ClawScan security

Pilvio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 22, 2026, 11:51 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and requirements are coherent for a Pilvio integration that uses the Membrane CLI, but it asks the user to install a global npm CLI which has the usual risks of executing third‑party code — review the package or use npx if you prefer not to install globally.
Guidance: This skill appears coherent for interacting with Pilvio via Membrane. Before installing or running the recommended commands: 1) Prefer npx (npx @membranehq/cli@latest ...) if you want to avoid a global install; 2) Inspect the @membranehq/cli package on npm/GitHub (publisher, downloads, recent activity) before running npm install -g; 3) Be cautious when pasting any short-lived login code or tokens into chat—complete the browser flow only in your browser and do not share codes in public channels; 4) If you manage sensitive systems, run the CLI on a trusted machine or container; 5) If you need higher assurance, ask for the package's checksum or a signed release and verify it prior to installation.

Review Dimensions

Purpose & Capability: okName/description (Pilvio integration) match the runtime instructions: the SKILL.md consistently instructs use of Membrane CLI and the pilvio connector to manage Pilvio resources. Required capabilities (network and a Membrane account) are appropriate.
Instruction Scope: okInstructions are focused on installing and using the Membrane CLI, authenticating via the browser flow, creating connections, discovering and running actions. They do not ask the agent to read unrelated local files, harvest environment variables, or exfiltrate data to unexpected endpoints. The guidance to avoid asking users for API keys is appropriate.
Install Mechanism: noteNo embedded install spec in the skill bundle, but SKILL.md recommends installing @membranehq/cli globally via npm (npm install -g). Installing a global npm package is a legitimate way to get a CLI but grants execution of third‑party code on the host; consider using npx or verifying the package on the npm registry/github before installing.
Credentials: okThe skill does not declare or require any environment variables, secrets, or config paths. Authentication is delegated to Membrane's browser login flow rather than asking for API keys locally, which is proportionate to the stated purpose.
Persistence & Privilege: okThe skill is instruction-only, not always-enabled, and does not request any persistent agent/system privileges. Autonomous model invocation is allowed (platform default) but there is no added 'always' privilege or requests to modify other skills/configs.