Back to skill
Skillv1.0.3
ClawScan security
Rillet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 21, 2026, 2:04 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is mostly a wrapper around the Membrane CLI (which explains many instructions) but the SKILL.md contains conflicting descriptions of what 'Rillet' does and an action list that doesn't match the stated purpose; it also tells users to install an external npm CLI — verify before installing.
- Guidance
- This skill delegates all work to the Membrane CLI — confirm you trust @membranehq and the getmembrane.com project before installing a global npm package. The SKILL.md shows conflicting descriptions: it calls Rillet a social‑media marketing app but lists accounting-related actions (invoices, bills, vendors). Ask the publisher which domain is correct and whether the 'rillet' connector actually maps to the product you expect. If you proceed: (1) inspect the npm package (repository, maintainers, recent releases) instead of blindly using 'latest', (2) prefer running the CLI in a disposable environment or container if you are unsure, (3) avoid pasting secrets into chat and follow the Membrane login flow so credentials remain managed by Membrane, and (4) if you need autonomous agent use, be cautious — although the skill itself doesn't request extra credentials, an agent with network access plus a CLI that holds connection tokens can act on your behalf, so enable only if you trust the connector and account.
Review Dimensions
- Purpose & Capability
- concernThe skill claims to integrate with 'Rillet' (described as a social-media marketing SaaS) but the 'Popular actions' table lists invoices, bills, vendors, customers, products, contracts and journal entries (accounting/ERP domain). The skill correctly requires the Membrane CLI to reach external services (consistent with a Membrane connector), but the mismatch between the product description and the action list is unexplained and suspicious.
- Instruction Scope
- noteSKILL.md is instruction-only and tells the agent/user to install and run the Membrane CLI, perform interactive or headless login, create a 'rillet' connection, list/search/run Membrane actions, and create actions if missing. Instructions do not ask to read unrelated local files or environment variables and explicitly recommend not asking users for API keys — scope is limited to using Membrane, though the content inconsistencies (see purpose) reduce trust.
- Install Mechanism
- noteThere is no platform install spec, but the SKILL.md instructs users to run 'npm install -g @membranehq/cli@latest' (global npm install). Installing a third‑party CLI from npm is a moderate-risk operation — validate the package and publisher before installing and prefer explicit pinned versions over 'latest'.
- Credentials
- okThe skill declares no required environment variables or credentials and relies on the Membrane CLI's interactive/auth flow. This is proportionate to a connector-based integration; it does not request unrelated secrets in the SKILL.md.
- Persistence & Privilege
- okThe skill does not request 'always: true' or other elevated persistent privileges. It's an instruction-only skill that relies on the Membrane CLI; it doesn't modify other skills or system-wide config according to the provided material.