Back to skill
Skillv1.0.3
ClawScan security
Richrelevance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 22, 2026, 7:27 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it is an instruction-only integration that delegates auth and API calls to the Membrane CLI and does not request unrelated credentials or filesystem access.
- Guidance
- This skill appears coherent, but it relies on the third-party Membrane CLI and service. Before installing or using it: (1) verify the @membranehq/cli package and its GitHub repo (https://github.com/membranedev/application-skills and https://getmembrane.com) to ensure you trust the publisher; (2) prefer using `npx @membranehq/cli@latest` or install in an isolated environment to avoid global npm supply-chain risk; (3) understand that authentication is handled server-side by Membrane—review their privacy/security docs and the permissions the RichRelevance connector will get; and (4) limit the agent's network or runtime privileges if you want to reduce blast radius when the agent invokes the CLI autonomously.
Review Dimensions
- Purpose & Capability
- okName/description (RichRelevance/Algonomy integration) align with the instructions which use the Membrane CLI to create connections and run actions against that connector. The required capabilities (network access and a Membrane account) are appropriate for this purpose.
- Instruction Scope
- okSKILL.md only instructs installing/using the Membrane CLI, logging in, creating a RichRelevance connection, discovering and running actions, and preferring Membrane-managed credentials. It does not ask the agent to read unrelated files, access unrelated env vars, or exfiltrate data to unexpected endpoints.
- Install Mechanism
- noteNo install spec in the skill bundle, but the instructions tell users to run `npm install -g @membranehq/cli@latest` (or use npx). Installing/running an npm CLI executes third-party code from the npm registry, which is expected for a CLI but carries the usual supply-chain risk—verify the package source (GitHub repo, maintainer) before installing globally.
- Credentials
- okThe skill declares no required environment variables or credentials. It intentionally delegates auth to Membrane (server-side), which is consistent with the guidance in SKILL.md. There are no extraneous credential requests.
- Persistence & Privilege
- okThe skill is instruction-only, always:false, and user-invocable. It does not request permanent inclusion or modify other skills' configs. Autonomous invocation is allowed by default but not combined with other red flags here.