Skill v1.0.3
ClawScan security
Snapscan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:31 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions match its stated purpose (interacting with SnapScan via the Membrane CLI); it is internally coherent but requires installing and trusting a third-party CLI (Membrane).
- Guidance: This skill is coherent for SnapScan integration but requires installing and trusting the Membrane CLI (npm package published by @membranehq). Before installing, verify Membrane's reputation and privacy policy (what they store and how they use credentials), prefer `npx` or running the CLI inside an isolated environment or container instead of global npm install, and confirm the repository/homepage links match the vendor. Because Membrane handles auth server-side, you will be delegating SnapScan credentials and data flows to that service — if you need full control over credentials, reconsider or audit the connector implementation on the Membrane side.
Review Dimensions
- Purpose & Capability (ok): The name/description (SnapScan integration) aligns with the instructions: all runtime steps use the Membrane CLI to connect to SnapScan, discover and run actions, and handle auth. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (ok): SKILL.md stays on scope: it tells the agent to install/run the Membrane CLI, perform login, create a connection, list/search/create/run actions, and use JSON flags. It does not instruct reading arbitrary local files or requesting unrelated secrets. It encourages using Membrane for auth and not asking the user for API keys.
- Install Mechanism (note): There is no platform-level install spec in the registry (the skill is instruction-only), but the runtime instructions tell users to run `npm install -g @membranehq/cli@latest` (and sometimes `npx ...`). Installing a third-party npm CLI globally is a normal way to get this functionality but does introduce the usual supply-chain/runtime risk of running remote package code. Using `npx` or an isolated environment/container can reduce risk.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. It delegates credential management to Membrane (server-side). This is proportionate for a connector-based integration, though it means you must trust Membrane to hold/handle your SnapScan credentials and data.
- Persistence & Privilege (ok): The skill is instruction-only and not marked always:true. It does not request persistent platform-level privileges or to modify other skills' configs. Autonomous model invocation is allowed (default) but is not combined with other red flags.
