Skill v1.0.3
ClawScan security
Rock Rms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 1:21 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (Rock RMS integration) is plausible, but the runtime instructions require use of an external Membrane account/network access while the skill declares no credentials or config requirements — an inconsistency that deserves clarification before installing.
- Guidance
- This skill looks like a simple Rock RMS connector, but it says it requires a Membrane account while not declaring any credentials — ask the publisher or maintainer how authentication is performed. Before installing: (1) confirm where Rock RMS credentials are entered (platform-provided OAuth vs. environment variables vs. sending credentials to an external service), (2) confirm what endpoints data is sent to (does Membrane proxy your Rock RMS data?), (3) review the publisher/repository for source code or a privacy/security policy, and (4) avoid installing if you cannot verify how sensitive data (person records, transactions) will be transmitted and stored. If you proceed, limit permissions and test with non-production data first.
Review Dimensions
- Purpose & Capability
- note: Name and description match the content: this is a connector for Rock RMS data. However, the SKILL.md explicitly says it 'Requires network access and a valid Membrane account', yet the skill metadata lists no required environment variables, credentials, or config paths. That mismatch between the claimed external-account dependency and the declared requirements is unexpected.
- Instruction Scope
- note: The SKILL.md (instruction-only, no code) describes interacting with Rock RMS entities and states it uses Membrane (an external service). The instructions therefore imply network calls and handling of Rock RMS data. The file does not appear to instruct the agent to access unrelated local files or system secrets, but it also does not document how credentials are supplied or how data is transmitted to Membrane.
- Install Mechanism
- ok: There is no install spec and no code files; the skill is instruction-only, so nothing is downloaded or written to disk by the skill bundle itself.
- Credentials
- concern: The skill requires an external Membrane account (per SKILL.md) but declares no primary credential or required environment variables. That omission is disproportionate: integrating with Rock RMS normally requires API credentials or OAuth tokens. It's unclear how credentials are provided to the skill, where Rock RMS data is routed (direct to Rock RMS or via Membrane), or what sensitive data might be transmitted to the Membrane service.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills, and presents no installation hooks. Autonomous invocation is allowed (default), but that is normal and not by itself flagged; there's no sign the skill asks for elevated or persistent system privileges.
