Skill v1.0.1
ClawScan security
Stackstate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:08 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it is an instruction-only integration that tells the agent to use the Membrane CLI to access StackState and does not request unrelated credentials or elevated privileges.
- Guidance: This skill simply describes using the Membrane CLI to integrate with StackState. Before installing/using it:
  1. Verify you trust the Membrane project — check the npm package (@membranehq/cli) and the GitHub repository referenced in SKILL.md.
  2. Prefer npx or a containerized/sandboxed environment rather than installing global npm packages if you want to limit exposure.
  3. The login flow uses a browser-based authorization code (Membrane manages credentials server-side); do not paste secret API keys into chat.
  4. Review what data will be sent to Membrane and StackState (connectors/actions), and use least-privilege accounts for connections.
  5. If you need higher assurance, inspect the CLI source code on the referenced repo and verify release provenance before installing.
Review Dimensions
- Purpose & Capability (ok): The name/description (StackState integration) matches the instructions, which consistently show how to use the Membrane CLI to connect to a StackState connector, discover and run actions. Required capabilities (network + Membrane account) are reasonable for the stated purpose.
- Instruction Scope (ok): SKILL.md stays on-topic: it instructs installing and using the Membrane CLI, performing login/connect/list/create/run action workflows, and suggests best practices. It does not instruct reading unrelated files, scraping environment variables, or exfiltrating data to unexpected endpoints.
- Install Mechanism (note): The skill recommends installing a public npm package (@membranehq/cli@latest). That is expected for a CLI-based integration, but installing global npm packages runs third-party code as your user—verify the package source before installing and consider using npx or a sandboxed environment if you are cautious.
- Credentials (ok): No environment variables or credentials are requested by the skill. Authentication is handled via Membrane's interactive login flow (browser URL + code), which the instructions explicitly describe and recommend instead of asking for raw API keys—this is proportionate to the task.
- Persistence & Privilege (ok): The skill is instruction-only, does not request always:true, and does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed (default) but not a unique or elevated claim by this skill.
