Skill v1.0.3
ClawScan security
Typeform · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 2:05 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are consistent with a Typeform integration that uses the Membrane CLI as a broker; nothing requested appears unrelated to its stated purpose.
- Guidance: This skill is coherent: it instructs the agent to use the Membrane CLI to manage Typeform data rather than asking for raw API keys. Before installing or following the instructions:
  1. Verify the @membranehq/cli package and its publisher (review the package on npm and the GitHub repo) before running a global npm install.
  2. Understand that creating a Membrane connection hands Membrane the ability to access your Typeform account — review Membrane's privacy/security documentation.
  3. Be cautious about destructive actions (delete-form, delete-responses); restrict agent autonomy or confirm destructive operations with the user.
  4. If you cannot or do not want to trust Membrane with credentials, do not create the connection and instead use a vetted, direct integration.

  If you want more assurance, provide the Membrane CLI install and login outputs (only after redacting any one-time codes) or ask the skill author for the exact npm package repo to review.
Review Dimensions
- Purpose & Capability: ok. The skill is an instruction-only Typeform integration that delegates API access and auth to the Membrane CLI/service. Requesting network access and a Membrane account is coherent with the described functionality; no unrelated credentials, binaries, or config paths are requested.
- Instruction Scope: ok. SKILL.md only instructs installing the Membrane CLI and using its commands (login, connect, action list/run, etc.) to manage Typeform resources. It does not direct the agent to read unrelated files or exfiltrate data outside the Membrane workflow. Destructive actions (delete-form/delete-responses) are listed as available — these are expected for a management skill but are sensitive.
- Install Mechanism: note. The doc recommends installing @membranehq/cli via `npm install -g`. This is a typical approach but does require running third-party code with global install privileges; users should vet the npm package and its publisher before installing. There is no automatic install performed by the skill itself (instruction-only).
- Credentials: ok. The skill declares no required env vars and relies on Membrane to handle Typeform credentials server-side. That is proportionate to the described purpose. Note: using Membrane centralizes access to Typeform credentials — users should be comfortable trusting Membrane with those tokens.
- Persistence & Privilege: ok. `always` is false and the skill is user-invocable. The skill does not request persistent system privileges or attempt to modify other skills or system-wide configuration. Autonomous invocation is allowed by default but not excessive here; consider limiting agent autonomy if you want to prevent destructive actions.
