Skill v1.0.3
ClawScan security
Proworkflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 12:06 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill generally matches a ProWorkflow integration but omits an explicit requirement for the Membrane CLI it instructs you to install and relies on a third‑party service (Membrane) to hold credentials — both of which merit extra review before installing or trusting it.
- Guidance: This skill appears to be a straightforward Membrane-based ProWorkflow integration, but there are two things to check before installing or using it: (1) the SKILL.md expects you to install the '@membranehq/cli' npm package, but that dependency is not declared in the registry metadata — ask the publisher why it was omitted; (2) the integration offloads authentication and credential storage to Membrane (getmembrane.com). If you will grant Membrane access to your ProWorkflow account, review Membrane's documentation, privacy policy, and the npm package source (or the GitHub repo) to confirm you trust the vendor. Also be mindful that running 'npm install -g' requires elevated permissions on some systems — prefer using npx or a scoped install if you want to avoid global installs. If the publisher can update the skill metadata to declare the CLI dependency and provide a link to the exact npm package/release and privacy/security documentation, that would reduce the remaining concerns.
Review Dimensions
- Purpose & Capability (note): The skill's stated purpose (ProWorkflow integration) aligns with the instructions (use the Membrane CLI to connect to ProWorkflow). However, the registry metadata lists no required binaries while the SKILL.md explicitly requires the 'membrane' CLI (npm global install). That mismatch — not declaring the required CLI — is an incoherence that the publisher should explain.
- Instruction Scope (ok): The runtime instructions are focused on using the Membrane CLI to discover, create, and run ProWorkflow actions. They do not request unrelated local files or other environment variables, nor do they instruct exfiltration of data. The instructions also explicitly recommend not asking users for API keys and letting Membrane handle auth.
- Install Mechanism (note): Installation is instruction-only (no install spec), but the SKILL.md tells users to run 'npm install -g @membranehq/cli@latest'. Installing a global npm package is a reasonable mechanism for a CLI, but it carries the usual risks of global npm installs (privilege escalation on some systems) and relies on a public npm package. This is a moderate-risk install pattern, and the skill should have declared this dependency in its metadata.
- Credentials (note): The registry metadata does not ask for any environment variables or credentials, and the SKILL.md likewise advises against requesting API keys (delegating auth to Membrane). That is proportionate. However, it does require a Membrane account and places trust in Membrane to manage credentials and tokens server-side — you should evaluate whether you trust Membrane (getmembrane.com) with access to your ProWorkflow data.
- Persistence & Privilege (ok): The skill is not forced (always: false), is user-invocable, and does not request persistent system-wide privileges or modify other skills. It does instruct installing a CLI, which will create a local binary if the user follows the instructions, but that behavior is typical for CLI-based integrations.
