Skill v1.0.3

ClawScan security

Podio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 2:10 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and requirements are consistent with a Podio integration that uses the third‑party Membrane CLI, but it asks the user to install and rely on an external npm CLI which introduces supply‑chain and data‑flow considerations you should review before installing.
Guidance
This skill appears to do what it says: it integrates with Podio by delegating work to the Membrane CLI. Before installing or using it:
1) Verify the @membranehq npm package and the vendor (check the npm page, package maintainers, and the GitHub repo) to reduce supply‑chain risk.
2) Understand that Podio data and auth will flow through Membrane's service. Review their privacy/security docs and decide if you trust that third party with your data.
3) Prefer installing the CLI in a controlled environment (not as root on a production host) or use a container/sandbox.
4) Confirm you are comfortable with the CLI storing connection tokens locally or server‑side (check where Membrane stores credentials).
If you need more assurance, request an explicit install spec or signed release URLs from the skill author.

Review Dimensions

Purpose & Capability
ok: The name/description (Podio integration) matches the runtime instructions: the SKILL.md directs the agent to use the Membrane CLI to connect to Podio, discover actions, and run them. No unrelated services, credentials, or binaries are requested.
Instruction Scope
note: Instructions are scoped to installing and using the Membrane CLI (login, connect, action list/create/run) and do not request reading unrelated files or env vars. Important privacy/security note: using Membrane means Podio data and authentication flows will be handled by Membrane's service/servers (the skill explicitly relies on Membrane doing auth server‑side), so data will transit and be handled outside the user's environment.
Install Mechanism
concern: This is an instruction‑only skill, but it directs users to run `npm install -g @membranehq/cli@latest` to obtain a global CLI from the public npm registry. Installing a global npm package is a moderate supply‑chain risk (arbitrary code from a package registry). The SKILL metadata did not list required binaries even though the CLI and Node/npm are effectively required.
Credentials
note: The skill declares no required env vars or credentials (good), and explicitly advises NOT to ask users for Podio API keys because Membrane manages auth. However, the SKILL.md relies on the Membrane CLI to store/manage tokens and create connections (which may persist locally or on Membrane servers); these credential/storage behaviors are not described in the registry metadata and are important to consider.
Persistence & Privilege
note: The skill itself does not request always:true and has no install spec in the registry, so it doesn't demand persistent platform privileges. However, following its instructions will install a global CLI binary (a system‑level change if the user runs the npm command), and the Membrane client will create persistent connections/credentials outside the skill. The skill does not modify other skills or agent configs itself.