Skill v1.0.3
ClawScan security
Sms It · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 12:57 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only integration that coherently delegates SMS-IT work to the Membrane CLI; it asks for no secrets and its runtime instructions align with its stated purpose.
- Guidance: This skill is coherent and uses the Membrane CLI to talk to SMS-IT. Before installing or running it: (1) Verify the @membranehq/cli package and the repository (check npm and the GitHub repo) to ensure you trust the publisher. (2) Prefer npx or pin a specific CLI version rather than installing @latest globally to reduce surprise changes. (3) When you complete the browser-based login, review what permissions the authorization grants to Membrane. (4) Do not paste unrelated secrets into the agent; the skill does not need API keys because Membrane stores credentials server-side. If you are uncomfortable installing third-party CLIs, consider running the commands in an isolated environment (VM/container) first.
Review Dimensions
- Purpose & Capability (ok): Name/description state an SMS-IT integration and the SKILL.md consistently instructs use of the Membrane CLI to connect to SMS-IT, discover actions, and run them. No unrelated credentials, binaries, or capabilities are requested.
- Instruction Scope (ok): Instructions are narrowly scoped to installing and using the Membrane CLI (login, create connection, list and run actions). They do not ask the agent to read unrelated files or environment variables or to transmit data to unexpected endpoints.
- Install Mechanism (note): The SKILL.md instructs installing @membranehq/cli via npm (global install) or using npx. This is expected for a CLI-based integration but carries the usual caution: fetching and executing code from the npm registry (using the @latest tag) can change behavior over time. No install spec was included in the registry metadata (skill is instruction-only), so installation is manual and under the user's control.
- Credentials (ok): The skill requests no environment variables, no config paths, and no credentials. It explicitly recommends using Membrane's managed connections rather than asking users for API keys, which is proportionate to its purpose.
- Persistence & Privilege (ok): The skill is instruction-only and does not request always:true or other elevated persistent privileges. Autonomous invocation is allowed by platform default but the skill's flow requires the user to perform an interactive login/connection step, limiting silent privilege escalation.
