Skill v1.0.3
ClawScan security
Yotpo Loyalty Referrals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 1:46 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements largely match its stated purpose (it uses the Membrane CLI to connect to Yotpo), but it omits declaring that npm/node are required and recommends installing @membranehq/cli@latest globally — review and pin that CLI before installing.
- Guidance: This skill appears to do what it says: it uses Membrane to connect to Yotpo and run pre-built actions. Before installing: (1) ensure you trust the @membranehq/cli package — inspect its npm/GitHub pages and consider pinning to a specific release rather than using @latest; (2) be aware you need Node/npm to run the install (the registry metadata doesn't declare this); (3) the CLI login delegates auth to Membrane — review what access/permissions the Membrane connection will have to your Yotpo account before authorizing; (4) avoid providing unrelated credentials to the agent; and (5) if you prefer tighter controls, run the CLI in a sandboxed environment or review the Membrane docs and source before use.
- Findings:
  - [regex_scanner_no_findings] (expected): The repo contains only SKILL.md (instruction-only), so the regex-based scanner had no code to analyze; this absence of findings is expected but not evidence of safety.
Review Dimensions
- Purpose & Capability (note): The skill is described as a Yotpo Loyalty & Referrals integration and the SKILL.md consistently uses the Membrane CLI to create a connection and run actions against Yotpo. However, the registry metadata lists no required binaries while the instructions assume npm/node are available (for `npm install -g @membranehq/cli@latest`), which is an omission.
- Instruction Scope (ok): Runtime instructions are limited to installing and using the Membrane CLI, authenticating via Membrane, creating a connection to the Yotpo connector, and discovering and running actions. The instructions explicitly avoid asking for raw API keys and do not ask the agent to read unrelated files or secrets.
- Install Mechanism (note): There is no formal install spec in the registry (instruction-only). The SKILL.md tells users to run `npm install -g @membranehq/cli@latest`. Installing an npm package globally and using the `@latest` tag is a moderate-risk action — consider pinning a specific version and verifying the package source before installing.
- Credentials (ok): The skill does not request environment variables, credentials, or config paths in the registry, and the instructions delegate auth to Membrane (advising never to ask users for API keys). No disproportionate credential requests are present.
- Persistence & Privilege (ok): The skill is not set to always:true and does not request persistent or cross-skill configuration changes. Autonomous invocation is allowed (the platform default) but is not combined with other concerning flags.
