Skill v1.0.3

ClawScan security

Planyo Online Booking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 12:12 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and requirements are coherent with a Planyo integration that delegates auth and API calls to the Membrane platform, but it recommends installing an external CLI (npm install -g @membranehq/cli@latest) which carries typical supply‑chain and privilege considerations the user should review.
Guidance
This skill appears to do what it says: it uses the Membrane platform to integrate with Planyo. Before installing or using it, consider: (1) verify you trust Membrane/getmembrane.com and the @membranehq npm package (check the publisher, GitHub repo, and package integrity); (2) prefer installing a specific CLI version rather than `@latest` to reduce supply‑chain surprises; (3) be aware that authenticating via the browser gives Membrane server-side access to your Planyo connection — review their privacy/security docs; (4) the CLI will store credentials locally (normal for CLIs) — if you need stricter isolation, run it in a sandbox or ephemeral environment; (5) if you need higher assurance, ask the skill author for a signed release or pinned package hash. Overall the skill is internally consistent, but these operational trust and supply‑chain checks are advisable.

Review Dimensions

Purpose & Capability
ok: The name/description match the runtime instructions: the skill tells the agent to use the Membrane CLI to connect to a Planyo connector and run/discover actions. Required items (network access, a Membrane account) align with that purpose; there are no unrelated env vars or binaries requested.
Instruction Scope
ok: SKILL.md stays on-topic: it only instructs installing the Membrane CLI, authenticating (browser/code flow), creating a connection, discovering/creating actions, and running actions. It does not ask the agent to read unrelated files, environment variables, or transmit data to unknown endpoints beyond Membrane/Planyo flows.
Install Mechanism
note: There is no formal install spec in the metadata; the doc recommends running `npm install -g @membranehq/cli@latest`. Installing a global package from the public npm registry is a common but moderate supply‑chain risk (running third‑party code on the host and using the `latest` tag may change behavior over time). Consider pinning to a version and verifying the package source.
Credentials
ok: The skill declares no required env vars or secrets. It explicitly directs credentials to be managed by Membrane rather than asking for API keys locally, which is proportionate but does centralize trust in the Membrane service.
Persistence & Privilege
ok: The skill is not forced-always, and it uses normal autonomous invocation defaults. It does not request system-wide or other-skills configuration changes. Note: the Membrane CLI will persist its own config/credentials locally when you log in, which is expected for a CLI.