Skill v1.0.1
ClawScan security
Tomato Pay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 9:14 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it describes a Tomato Pay integration implemented via the Membrane CLI, and its instructions, required capabilities, and lack of requested secrets all align with that purpose.
- Guidance: This skill appears coherent and is implemented via the Membrane CLI as described. Before installing/using it: verify the @membranehq/cli package and its publisher, prefer npx or pin a specific version instead of global `npm install -g ...@latest`, confirm you trust Membrane to broker Tomato Pay credentials (it handles auth server-side), and be aware the login flow may open a browser or require copy-pasting a code in headless environments. If you need stricter control, review Membrane's privacy/permissions and the connector's documentation (docs.tomatopay.com and getmembrane.com) before proceeding.
Review Dimensions
- Purpose & Capability (ok): Name and description match the instructions: the skill uses the Membrane CLI to manage Tomato Pay actions and connections. No unrelated credentials, binaries, or config paths are requested. Repository/homepage point to Membrane, which is the expected integration surface.
- Instruction Scope (ok): SKILL.md contains step-by-step CLI usage (install CLI, login, create connection, list and run actions). It does not instruct reading unrelated files, exfiltrating data, or collecting unrelated environment variables. It explicitly warns not to ask users for API keys.
- Install Mechanism (note): This is an instruction-only skill (no install spec), but it tells users/agents to install @membranehq/cli from npm (global install or use npx). That is reasonable for this integration, but installing global npm packages carries the usual supply-chain and privilege considerations; using npx or pinning a known-good version is safer than `npm install -g ...@latest`.
- Credentials (ok): The skill requests no environment variables or credentials. Authentication is delegated to Membrane's login flow. There are no unexplained or excessive secret requirements.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable. There is no code written to disk by the skill itself (instruction-only). Nothing indicates it would modify other skills or agent-wide settings.
