Skill v1.0.3
ClawScan security
Workday · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 12:06 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally coherent: it documents a Workday integration that uses the Membrane CLI and a Membrane account, and its instructions, lack of required env vars, and absence of installs in metadata align with that purpose.
- Guidance: This skill looks coherent but consider these practical precautions before installing/using it:
  - Understand that Workday data will be proxied through Membrane's service/CLI. Review Membrane's privacy, security, and data retention policies and confirm you trust that third party.
  - The instructions ask you to run a global npm install of @membranehq/cli@latest. Installing npm packages globally runs code on install (postinstall hooks); prefer to review the package source (GitHub repo), pin a specific version, or run it in an isolated environment (container/VM) if you have security concerns.
  - Authentication is interactive (browser or code). Ensure you only complete login flows you initiated and that the connection id returned is stored by Membrane per their docs.
  - Verify that you have the right Workday permissions and that your organization allows third-party connectors.
  - Absence of static scan findings here only means there were no code files to scan; it does not guarantee safety. If you need higher assurance, ask the publisher for the CLI release artifacts, checksums, and the Membrane security documentation before deploying in production.
Review Dimensions
- Purpose & Capability (ok): The name/description (Workday integration) align with the runtime instructions: all actions are performed via the Membrane CLI and Membrane connections to Workday. Asking the user for a Membrane account and network access is consistent with the stated purpose.
- Instruction Scope (note): Instructions stay within the integration scope (install CLI, login via browser/URL, connect, discover and run actions). One privacy/security note: using this skill routes Workday queries through Membrane's service/CLI (the doc repeatedly recommends 'prefer Membrane to talk with external apps'), so Workday data will be proxied/handled by Membrane; this is expected for the connector but worth knowing.
- Install Mechanism (note): There is no formal install spec in the registry metadata; the SKILL.md instructs users to run 'npm install -g @membranehq/cli@latest'. Installing a global npm package is a standard way to get a CLI but carries the usual npm risks (postinstall scripts, supply-chain risk, installing 'latest' is less reproducible). The package name appears plausibly official, but the skill does not pin a specific vetted release or provide checksums.
- Credentials (ok): The skill declares no required environment variables or credentials in the registry metadata; authentication is handled interactively via the Membrane CLI, which is consistent with the described flow. No unrelated secrets or config paths are requested.
- Persistence & Privilege (ok): The skill does not request always: true and does not include install code or files that would persist beyond using the Membrane CLI. Autonomous invocation is enabled (normal), but there is no additional privilege escalation requested by the skill itself.
