Skillv1.0.3

ClawScan security

Predicthq · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 22, 2026, 1:50 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requested actions and instructions align with its stated purpose (using the Membrane CLI to access PredictHQ) and there are no disproportionate credential or file-access demands, but the installation step (npm global install) is a moderate operational risk you should verify before running.
Guidance: This skill is an instruction-only integration that tells you to install and use the Membrane CLI to access PredictHQ. Before proceeding: 1) Verify the npm package and GitHub repository (@membranehq/cli) are legitimate and maintained by the expected vendor; 2) Understand that `npm install -g` will place a binary on your system—prefer using npx if you want to avoid a global install; 3) Review what account/tenant you log into with `membrane login` (it hands auth to Membrane server-side); and 4) If you're uncomfortable granting a third-party service access to your PredictHQ data via Membrane, do not create the connection. Everything else in the skill is consistent with its stated purpose.

Review Dimensions

Purpose & Capability: okName/description promise (PredictHQ integration) matches the instructions: all runtime steps use the Membrane CLI to create a PredictHQ connection, discover and run actions, and manage resources. Requiring a Membrane account and network access is appropriate for this integration.
Instruction Scope: okSKILL.md instructs only CLI interactions (membrane login, connect, action list/create/run). It does not ask the agent to read arbitrary local files, exfiltrate environment variables, or interact with unrelated services. The guidance to use --json and headless login is consistent with CLI tooling.
Install Mechanism: noteThere is no registry install spec (instruction-only), but the README tells the user to run `npm install -g @membranehq/cli@latest` (or use npx). Installing a global npm package is a reasonable way to obtain the CLI, but it is an operation that writes to the system; verify the package name, publisher, and npm/github pages before running. This is a moderate operational risk (not inherently malicious).
Credentials: okThe skill declares no required env vars or credentials. The instructions rely on Membrane to manage credentials server-side (explicitly advising not to ask users for API keys), which is proportionate and reduces local secret exposure.
Persistence & Privilege: okalways is false and the skill is user-invocable. There is no request for permanent/always-on presence or for modifying other skills or system-wide agent settings.