Skill v1.0.1

ClawScan security

Qualiobee · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 22, 2026, 9:31 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior matches its stated purpose (using Membrane to access Qualiobee) but there are metadata and installation inconsistencies and you must trust an external service and a globally installed npm package—verify before proceeding.
Guidance
This skill appears to legitimately use the Membrane CLI to access Qualiobee, but take these precautions before installing or running it:
1) Verify the @membranehq/cli npm package and its publisher (check the package page and the referenced GitHub repo) and prefer a pinned version rather than `@latest`.
2) Avoid running global npm installs on sensitive hosts; use an isolated environment or container if you must.
3) Confirm you trust Membrane to manage credentials (review their privacy/security docs), because the skill relies on their server-side auth.
4) Do not paste unrelated secrets into the agent; in headless auth flows you may need to copy a code from your browser, and you should only share that with trusted tooling.
5) Ask the skill author to update registry metadata to declare the required binary (membrane CLI) and to provide verification/pinning guidance; lacking that, treat the skill as untrusted until you can validate the CLI source.

Review Dimensions

Purpose & Capability
note · Name/description claim a Qualiobee integration and the SKILL.md consistently describes using the Membrane CLI to access Qualiobee actions; this is coherent. However, the skill registry metadata lists no required binaries while the instructions explicitly require installing the @membranehq/cli; that metadata omission is inconsistent and worth noting.
Instruction Scope
ok · Runtime instructions are focused on installing and using the Membrane CLI, performing login, creating a connection, listing and running actions. The instructions do not ask the agent to read unrelated system files, environment variables, or to exfiltrate data to unexpected endpoints. They do rely on interactive browser auth or headless code-exchange flows which require user involvement.
Install Mechanism
concern · There is no declared install spec in the registry; the SKILL.md instructs users to run `npm install -g @membranehq/cli@latest`. Global npm installs modify the system and pull code from the npm registry (moderate risk). The skill does not provide a pinned version or verification instructions; verify the publisher, repository, and package contents before running a global install. Because install is instruction-only, the agent will not install anything automatically, but the user or operator may be asked to run these commands.
Credentials
note · The skill declares no required environment variables and the instructions explicitly say Membrane manages credentials server-side (do not ask the user for API keys). This is proportionate, but it does require trusting a third-party service (Membrane) with auth and credential handling; confirm privacy/security posture before use.
Persistence & Privilege
ok · The skill does not request always-on presence, does not modify other skills, and does not declare privileged persistence. Agent autonomous invocation is allowed (default), but that is not in itself a red flag for this skill.