Skill v1.0.3
ClawScan security
Qadeputy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 9:16 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions (Membrane CLI usage) match a connector integration, but its name, description and content are inconsistent: the file describes a workforce-management API (Deputy) while the skill claims to be a QA/test platform (QADeputy). The discrepancy is unexplained and potentially misleading.
- Guidance: This skill appears to be an integration that uses the Membrane CLI, which is reasonable, but the documentation and naming are inconsistent: the SKILL.md describes Deputy (shift/timesheet/staff) while the skill name claims 'QADeputy' (a QA tool). Before installing or using it:
  1. Confirm with the skill author/owner which product the connector targets (Deputy vs a QA platform) so that data is not sent to the wrong service.
  2. Verify that the npm package @membranehq/cli is the legitimate package from Membrane, and consider installing it in a sandbox or CI runner first.
  3. If you care which data is accessed, ask what the connector's scopes/permissions are and inspect the connection output/IDs produced by membrane connect.
  4. If you need higher assurance, request a corrected SKILL.md or provenance (repo or publisher info) showing that the connector maps to the intended service.
Review Dimensions
- Purpose & Capability (concern): The skill claims to be a 'QADeputy' QA/testing integration, but the documented entities (Shift, Timesheet, Staff Member, Roster, etc.) and the 'Official docs' URL point to Deputy (a workforce scheduling product). The connector key used is 'qadeputy', which may be a simple name mismatch, but this inconsistency between the claimed purpose and the actual API surface is unexpected and unexplained.
- Instruction Scope (ok): SKILL.md contains clear, scoped runtime instructions that only direct the agent to install and use the Membrane CLI, create connections, discover and run Membrane actions, and authenticate via the standard login flow. It does not instruct reading unrelated files, storing secrets locally, or exfiltrating data outside the Membrane flow.
- Install Mechanism (ok): The install step recommends npm install -g @membranehq/cli@latest, a public npm package (global installs of third-party packages carry moderate risk in general). There is no arbitrary URL download or archive extraction. Installing a global npm package requires host privileges; confirm the package identity before installing on sensitive hosts.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. Authentication is delegated to Membrane's login flow (interactive/browser or headless code exchange), and the instructions explicitly advise not to ask users for API keys. Requested privileges appear proportionate to the described CLI usage.
- Persistence & Privilege (ok): The skill is instruction-only, has no install spec that writes files, and is not set to always:true. It does not request persistent presence or system-wide configuration changes.
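The Purpose & Capability and Install Mechanism findings above are the kind of cross-check a reviewer can script before trusting any skill: compare the product named in the metadata with the product the body actually documents, and flag unpinned global installs. The linter below is an added example for this page, not ClawHub's scanner code. The SKILL.md it reads is constructed to reproduce the mismatch described in the verdict (a skill named QADeputy whose body documents Deputy entities); the frontmatter keys, the docs URL, the entity line and the product vocabulary table are all assumptions rather than the real skill file or a real connector catalogue.

```python
"""Consistency lint for an agent-skill SKILL.md: does the product named in
the metadata match the product the body documents, and is the install
line pinned?

Added example; not ClawHub's scanner code. SAMPLE_SKILL_MD and
PRODUCT_VOCAB are CONSTRUCTED/hypothetical, not the real skill or a
real connector catalogue.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# CONSTRUCTED to mirror the mismatch in the verdict: frontmatter keys, docs
# host (.example is a reserved TLD) and entity list are assumptions.
SAMPLE_SKILL_MD = """\
---
name: QADeputy
description: QA and test-management integration via Membrane
connector: qadeputy
---
# QADeputy

Official docs: https://developer.deputy.example/api
Install: npm install -g @membranehq/cli@latest

Entities: Shift, Timesheet, Staff Member, Roster, Location
"""

# Hypothetical product -> API vocabulary table. A real checker would load
# this from a curated catalogue of known connectors.
PRODUCT_VOCAB = {
    "deputy": {"shift", "timesheet", "roster", "staff member", "location"},
    "qadeputy": {"test case", "test run", "defect", "test plan", "suite"},
}


def parse_frontmatter(text: str) -> dict[str, str]:
    """Flat key/value pairs from a leading '---' block (no nested YAML)."""
    m = re.match(r"---\n(.*?)\n---\n", text, re.S)
    pairs: dict[str, str] = {}
    if m:
        for line in m.group(1).splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                pairs[key.strip().lower()] = value.strip()
    return pairs


def entity_words(text: str) -> set[str]:
    """Lower-cased entity names from the 'Entities:' line."""
    m = re.search(r"^Entities:\s*(.+)$", text, re.M)
    return {e.strip().lower() for e in m.group(1).split(",")} if m else set()


def docs_host(text: str) -> str:
    m = re.search(r"Official docs:\s*(\S+)", text)
    return (urlparse(m.group(1)).hostname or "") if m else ""


def product_from_entities(entities: set[str]) -> str | None:
    """The catalogue product whose vocabulary overlaps the documented entities most."""
    scored = {p: len(vocab & entities) for p, vocab in PRODUCT_VOCAB.items()}
    best = max(scored, key=scored.get)
    return best if scored[best] > 0 else None


def install_version(text: str) -> str | None:
    """Version tag of the first global npm install line ('' if unpinned, None if absent)."""
    m = re.search(r"npm install\s+(?:-g|--global)\s+(\S+)", text)
    if not m:
        return None
    pkg = m.group(1)
    # Skip the leading '@' of a scoped name so only a trailing @tag counts.
    return pkg[1:].split("@", 1)[1] if "@" in pkg[1:] else ""


def lint_skill(text: str) -> list[str]:
    findings: list[str] = []
    fm = parse_frontmatter(text)
    claimed = fm.get("name", "").lower()
    connector = fm.get("connector", "").lower()
    documented = product_from_entities(entity_words(text))
    host = docs_host(text)

    if documented and documented != claimed:
        findings.append(f"name/body mismatch: named {claimed!r} but documents {documented!r} entities")
    if documented and connector != documented:
        findings.append(f"connector key {connector!r} does not match documented product {documented!r}")
    if claimed and host and claimed not in host:
        findings.append(f"docs host {host!r} does not mention the claimed product {claimed!r}")
    version = install_version(text)
    if version is not None and version in ("", "latest", "next"):
        findings.append("global npm install is unpinned; pin an exact reviewed version")
    return findings


if __name__ == "__main__":
    for finding in lint_skill(SAMPLE_SKILL_MD):
        print("FINDING:", finding)
```

Each finding maps to one verdict dimension: the first two reproduce the Purpose & Capability concern, the third is the docs-URL observation, and the last is the Install Mechanism caveat. A skill whose name, connector key, docs host and entities all agree, with a pinned install line, produces no findings.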
