Skill v1.0.3

ClawScan security

Wubook Ratechecker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 9:13 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required actions, and external dependencies align with its stated purpose (using the Membrane CLI to integrate with WuBook RateChecker); nothing requested is disproportionate or unexplained.
Guidance
This skill is instruction-only and asks you to install and use the Membrane CLI to connect to WuBook RateChecker. Before installing or running it: (1) confirm you trust the @membranehq npm package and the getmembrane.com / GitHub sources (check package repo and recent releases to avoid typosquat packages); (2) be aware npm -g may require admin rights and will place a binary on your PATH; (3) the flow uses browser-based auth (you may need to handle one-time codes in headless environments); (4) the skill delegates auth to Membrane (you won't be asked for WuBook API keys locally) — if you require on-prem or stricter data controls, verify Membrane's privacy/security policy first; (5) run the CLI in a sandbox or isolated user account if you want to minimize risk before trusting it broadly.

Review Dimensions

Purpose & Capability
ok: The skill claims to integrate with WuBook RateChecker and only asks the user to install and use the Membrane CLI to create a connection and run actions. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
ok: SKILL.md only instructs installing/using the Membrane CLI, running login/connect/action commands, and polling for action status. It does not ask the agent to read unrelated files, access unrelated credentials, or transmit data to unexpected endpoints beyond Membrane's services.
Install Mechanism
note: The skill recommends installing @membranehq/cli via npm (global). This is a typical install method for a CLI and is proportionate, but npm packages carry the normal supply-chain risk; the skill itself does not automatically install anything (instruction-only).
Credentials
ok: No environment variables, credentials, or config paths are required by the skill. Authentication is delegated to Membrane's login flow, which is consistent with the stated goal of avoiding local API key handling.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent elevated privileges or the ability to modify other skills or agent-wide settings. Autonomous invocation is allowed (default) but is not combined with other red flags.