Skill v1.0.3

ClawScan security

Zenhub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 22, 2026, 1:53 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, requirements, and install steps are coherent with a ZenHub integration that delegates auth and API handling to the Membrane CLI; nothing requested is disproportionate to that purpose.
Guidance
This skill delegates ZenHub access to the Membrane service and its CLI. Before installing: (1) verify the @membranehq/cli package and the Membrane service (getmembrane.com / repository) are trustworthy, (2) prefer using npx for one-off runs instead of a global npm install if you do not want a permanent global binary, (3) understand that authentication will open a browser or provide a URL for login and that Membrane will manage tokens server-side (review their privacy/terms), and (4) avoid pasting credentials into unknown prompts. If you require on-prem or local-only control of tokens, this Membrane-hosted flow may not meet that requirement.

Review Dimensions

Purpose & Capability
ok
The skill declares a ZenHub integration and its SKILL.md instructs the agent to use the Membrane CLI to connect to ZenHub and run actions. Asking the user to install @membranehq/cli and to create a connection with connectorKey=zenhub is consistent with the stated purpose.
Instruction Scope
ok
Runtime instructions are narrowly scoped to installing/using the Membrane CLI, logging in, creating a connection, discovering/creating actions, and running them. The SKILL.md does not instruct reading unrelated files, harvesting environment variables, or sending data to unexpected endpoints beyond Membrane.
Install Mechanism
note
No embedded install spec in metadata (instruction-only). SKILL.md recommends npm install -g @membranehq/cli or using npx, which is reasonable for a CLI-based integration but does involve installing third-party code from npm; this is expected for a CLI-driven skill but users should verify the package authenticity before installing globally.
Credentials
ok
The skill declares no required environment variables, no primary credential, and no config paths. The SKILL.md explicitly advises not to ask users for API keys and to let Membrane manage auth, which aligns with the absence of requested secrets.
Persistence & Privilege
ok
The skill is not always-enabled, does not request special persistence or system-wide configuration changes, and is user-invocable with normal autonomous-invocation settings. Nothing indicates it will modify other skills or system settings.