Skill v1.0.5

ClawScan security

Sage Accounting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 9:14 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required tools, and requested access are consistent with a Sage Accounting integration that uses the Membrane CLI; nothing requested is disproportionate to its stated purpose.
Guidance
This skill is internally consistent, but take standard precautions before installing and using it: verify the authenticity of the @membranehq/cli package (official publisher and version), prefer installing in an isolated environment if you’re cautious about global npm installs, confirm the Membrane homepage/repository links are legitimate, and understand that authentication occurs through a browser flow — your Sage credentials are entered into Sage/Membrane flows rather than supplied as env vars. If you need stricter auditing, ask the publisher for a pinned release artifact or review the Membrane CLI source before installing.

Review Dimensions

Purpose & Capability
ok: The skill claims to integrate with Sage Accounting and all runtime instructions are about discovering and using a Membrane connection to Sage. Requiring the Membrane CLI and network access is coherent with that purpose; it does not request unrelated services or credentials.
Instruction Scope
ok: SKILL.md only instructs the agent to install and use the Membrane CLI, create/ensure connections, poll connection status, list actions, and call actions for accounting objects. It does not instruct reading unrelated files, scanning the system, or exfiltrating data to unexpected endpoints. Authentication is handled interactively via Membrane (browser flow / code), which is documented in the file.
Install Mechanism
note: There is no install spec in the registry (instruction-only), but SKILL.md instructs installing @membranehq/cli globally via npm. Installing a global npm package executes third-party code from the npm registry — that is expected for this integration but is a supply-chain consideration. The instruction is explicit and uses a named package (@membranehq/cli), not an arbitrary URL or archive.
Credentials
ok: The skill declares no required environment variables or credentials; authentication is done via the Membrane CLI interactive flow. No unrelated secrets or config paths are requested.
Persistence & Privilege
ok: The skill does not request permanent/always-on presence and does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed by platform default, which is normal and not, by itself, a concern.