Skill v1.0.3
ClawScan security
Tools4Ever · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 1:17 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions depend on the Membrane CLI (installed via npm) and browser-based login, but the skill metadata does not declare the required binary/install step — this mismatch and the global npm install guidance warrant caution.
- Guidance: This skill appears to be a legitimate Tools4ever integration that uses Membrane, but there are some metadata mismatches you should consider before installing:
  1. The skill's instructions require the Membrane CLI, yet the registry metadata doesn't declare that binary/dependency — ask the publisher to add a declared dependency or install spec.
  2. Installing with `npm install -g` will place a persistent binary on your system; prefer using `npx` for ephemeral execution or review the @membranehq/cli package and its publisher (npm page, GitHub repo, release history) before installing.
  3. Verify the homepage/repository and the publisher identity (owner ID is opaque) to ensure you're installing the expected package.
  4. Because authentication is delegated to Membrane, confirm you trust Membrane as the central credential manager for Tools4ever data.

  If you want higher assurance, ask the skill author to: include an explicit install spec in the registry metadata, declare required binaries, and provide the exact repository and release URLs used for the CLI.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly requires the Membrane CLI (commands like `membrane login`, `membrane connect`, `membrane action run`) yet the registry metadata lists no required binaries or install steps. That omission is an inconsistency: a Tools4ever integration that uses Membrane legitimately needs that CLI, so the package metadata should declare it.
- Instruction Scope (ok): The runtime instructions stay on-topic: they describe installing/using the Membrane CLI, authenticating (browser or headless flow), creating a Tools4ever connection, discovering and running actions. They do not instruct reading unrelated files, exporting environment variables, or exfiltrating data to unexpected endpoints.
- Install Mechanism (note): There is no formal install spec in the skill bundle; instead SKILL.md tells users to run `npm install -g @membranehq/cli@latest` (and uses `npx` in examples). Installing a global npm package is a moderate-risk action (code will be written to disk and executed). The instruction is traceable to the public npm registry, not an arbitrary URL, but the registry metadata should have declared this dependency.
- Credentials (ok): The skill requests no environment variables or credentials and explicitly instructs to let Membrane handle credentials (browser login / connection flow). That is proportionate to an integration that delegates auth to a third-party service; there are no unexplained secret requests.
- Persistence & Privilege (note): The skill is not always-enabled and does not request elevated platform privileges. However, following the instructions will install a globally persistent CLI tool on the host, which increases persistence and attack surface compared with an instruction-only usage (for example using `npx` for ephemeral calls).
