Skill v1.0.3
ClawScan security
Sendgrid · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 2:05 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only SendGrid integration that uses the Membrane CLI; the requested actions and installation are consistent with the stated purpose, though installing a third‑party CLI and granting it access to your accounts is the main operational risk to review.
- Guidance: This skill is internally consistent, but installing and using @membranehq/cli gives that CLI effective access to your SendGrid connection. Before installing: 1) verify the @membranehq/cli package (npm page, GitHub repo) and the getmembrane.com/getmembrane organization; 2) review the permissions/scopes requested during the Membrane login/connect flow; 3) prefer running the CLI in a controlled environment (not a production server with broad privileges) and use least-privilege SendGrid connections; 4) know how to revoke the connection or tokens in Membrane/SendGrid if you no longer trust the integration.
Review Dimensions
- Purpose & Capability (ok): The skill is named for SendGrid and its SKILL.md describes managing SendGrid resources. All runtime instructions relate to discovering and running SendGrid actions via the Membrane CLI and a Membrane account, which is coherent with the stated purpose.
- Instruction Scope (ok): Instructions are limited to installing the Membrane CLI, authenticating through Membrane, creating a connection to SendGrid, discovering and running actions. The SKILL.md does not instruct reading unrelated files, requiring unrelated env vars, or sending data to unexpected endpoints beyond Membrane/SendGrid.
- Install Mechanism (note): No arbitrary downloads or extracted archives; installation is an npm -g package (@membranehq/cli). This is an expected mechanism for a CLI but carries the usual third-party-package risk (you should verify the package's provenance and permissions).
- Credentials (ok): requires.env is empty and SKILL.md does not ask for unrelated secrets. Authentication is handled through the Membrane CLI flow (browser-based or headless code exchange), which means credentials/tokens will be managed by Membrane rather than the skill directly. This is reasonable, but you must trust the Membrane service/CLI to handle tokens appropriately.
- Persistence & Privilege (ok): always is false and the skill is user-invocable / agent-invocable (normal). The skill does instruct installing a CLI which will store auth state locally (or in Membrane-managed storage), but it does not request system-wide modifications or other skills' configurations.
