Skill v1.0.2
ClawScan security
Xero · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 8:38 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its Xero-integration purpose and only require a Membrane account/CLI; there is a minor metadata mismatch and the user should verify the Membrane CLI package before installing.
- Guidance: This skill appears to do what it claims: it uses the Membrane CLI to connect to Xero and run actions. Before installing or using it:
  1. Verify the @membranehq/cli npm package and publisher (check the npm page and the project's GitHub/repo) to ensure you're installing the official CLI.
  2. Be aware you will need a Membrane account and that Membrane will store/manage Xero credentials and tokens; review their privacy/security policies.
  3. Installing a global npm CLI has system-wide impact; prefer installing in a controlled environment if you have security concerns.
  4. The registry metadata did not declare the required 'membrane' binary even though SKILL.md requires it; treat that as a minor inconsistency and confirm install steps.
  5. Because this skill is instruction-only, there was no code to scan; if you need stronger assurance, inspect the Membrane CLI source or the connector implementation before granting access or sending sensitive data.
Review Dimensions
- Purpose & Capability (note): The skill claims to integrate with Xero, and its SKILL.md exclusively describes using the Membrane platform to talk to Xero, which is coherent. However, the registry metadata lists no required binaries while the instructions require installing and using the 'membrane' CLI (npm @membranehq/cli). The SKILL.md also requires network access and a Membrane account, which are proportionate to the stated purpose.
- Instruction Scope (ok): All runtime instructions are scoped to installing/using the Membrane CLI, logging in, creating a connection to Xero, running pre-built actions, or proxying requests through Membrane to Xero. The instructions do not ask the agent to read unrelated files, environment variables, or system paths.
- Install Mechanism (note): This is an instruction-only skill (no platform install spec). SKILL.md tells the user to run 'npm install -g @membranehq/cli', an npm global install from the public registry (moderate risk). There is no use of downloaded archives or unknown URLs, but the skill relies on a third-party CLI the user will install themselves; verify the package and publisher before installing.
- Credentials (ok): The skill declares no required environment variables or credentials; authentication is delegated to Membrane, which will manage Xero credentials and token refresh. That is proportionate for a connector-style integration. Users should be aware that Membrane will hold Xero auth tokens for the connection.
- Persistence & Privilege (ok): The skill does not request persistent platform privileges (always: false) and does not indicate modification of other skills or system-wide settings. Normal autonomous invocation remains allowed (platform default).
