Back to skill
Skillv1.0.3
ClawScan security
Realgeeks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 22, 2026, 12:22 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it directs the agent to use the Membrane CLI to access RealGeeks and does not ask for unrelated credentials or system access, but it relies on installing a third-party CLI and trusting the Membrane service.
- Guidance
- This skill is coherent: it uses the Membrane CLI to access RealGeeks rather than asking you for API keys. Before installing or running it, consider: 1) Review the @membranehq/cli package on npm/GitHub to verify its source and recent activity. 2) Prefer using npx or a local/virtual environment instead of a global npm install to limit system exposure. 3) Understand that 'membrane login' will create local CLI credentials and will authorize the Membrane service to access your RealGeeks data—only proceed if you trust that service and review what scopes/permissions the connector requests. 4) Avoid pasting unrelated secrets into prompts; only complete the OAuth flow in your browser when you expect it. If you want stronger assurance, ask the skill author for a signed repository URL, or run the CLI in an isolated VM or container first.
- Findings
[no-regex-findings] expected: The bundle contains only SKILL.md (instruction-only). The regex-based scanner found nothing because there are no code files to analyze; this is expected for a CLI-instruction skill.
Review Dimensions
- Purpose & Capability
- okThe name/description (RealGeeks integration) match the instructions: all actions use the Membrane CLI to connect to RealGeeks. There are no unrelated required env vars, binaries, or config paths listed. Requiring network access and a Membrane account is proportional to the stated purpose.
- Instruction Scope
- okSKILL.md limits runtime steps to installing/using the Membrane CLI, authenticating via the browser, creating/listing connections and actions, and running actions. It does not instruct the agent to read arbitrary local files, exfiltrate unrelated data, or access unrelated credentials. It does instruct the user/agent to perform OAuth-like login flows and to use CLI commands that return JSON.
- Install Mechanism
- noteThere is no formal install spec in the registry, but SKILL.md tells users to run 'npm install -g @membranehq/cli@latest' (or npx). Installing a global npm CLI is a common pattern but introduces moderate risk: it downloads third-party code from the npm registry and will place a binary on the system. This is expected for a Membrane-based integration, but users should verify the package (npm page/GitHub) before installing and prefer non-global installs or isolated environments if concerned.
- Credentials
- okThe skill declares no required environment variables or primary credential. The instructions explicitly advise against requesting API keys and instead rely on Membrane to manage credentials server-side. This is proportionate, though it does mean you must trust Membrane with authentication to RealGeeks.
- Persistence & Privilege
- noteThe skill itself is instruction-only and not 'always' installed. However, running the Membrane CLI and performing 'membrane login' will create local CLI state/credentials and create connections accessible to Membrane's service. The skill does not request elevated platform privileges or modify other skills' configs, but installing and logging in to the CLI gives the Membrane service and local CLI write access to configuration and stored auth tokens.