Skill v1.0.3
ClawScan security
Webcrm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 1:40 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, dependencies, and behavior align with its WebCRM integration purpose and nothing in the manifest demands unrelated privileges or secrets.
- Guidance: This skill appears coherent and only uses the Membrane CLI to connect to WebCRM. Before installing or following the instructions:
  1) Verify the @membranehq/cli package and its publisher on npm and inspect its repository (the SKILL.md links to a Membrane repo).
  2) Remember that using this skill delegates authentication and request handling to Membrane; the service will see connection data and any CRM records accessed, so only use it if you trust that provider and its privacy/security practices.
  3) Installing global npm packages modifies your system environment; prefer using npx or containerized environments if you want to avoid global installs.
  4) Do not provide local API keys to the agent; the skill correctly tells you to create a connection via Membrane instead.
Review Dimensions
- Purpose & Capability (ok): The name/description claim WebCRM integration and all runtime instructions focus on using the Membrane CLI to connect to WebCRM, discover actions, and run them. No unrelated credentials, binaries, or system paths are requested.
- Instruction Scope (ok): SKILL.md confines runtime actions to installing/using the @membranehq/cli and running membrane commands (login, connect, action list/run). It does not instruct reading arbitrary local files, scanning system credentials, or sending data to third-party endpoints besides Membrane/WebCRM. It does rely on interactive login or pasted codes for headless environments, which is expected for this flow.
- Install Mechanism (note): The skill is instruction-only (no automatic install). It recommends installing a global npm package (@membranehq/cli) or using npx. Installing global npm packages is a typical approach but carries moderate risk compared to no install; users should verify the package owner and repository before running npm install -g.
- Credentials (ok): No environment variables, secrets, or config paths are requested. The docs explicitly state Membrane will handle auth server-side and advise not to ask users for API keys, which is consistent and proportionate for a connector-style skill.
- Persistence & Privilege (ok): The skill is not forced always-on, is user-invocable, and does not request or instruct changes to other skills or system-wide agent settings. Allowing autonomous invocation is the platform default and not by itself a concern here.
