Skill v1.0.3
ClawScan security
Agencyzoom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 3:03 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only integration that delegates AgencyZoom access to the Membrane CLI; its requirements and instructions are coherent with the stated purpose.
- Guidance: This skill appears to do what it says: it tells you to install the Membrane CLI and use it to connect to AgencyZoom. Before installing: verify the npm package (@membranehq/cli) and publisher on npm/GitHub, review Membrane's privacy and permission scopes (what access to AgencyZoom the connector will receive), and prefer installing in a sandbox/container or using npx if you want to avoid a global install. Expect the CLI to store authentication tokens locally after login; if you have sensitive host policies, confirm where those tokens are stored and how to revoke them. If you do not trust the Membrane project or the package source, do not install the CLI.
Review Dimensions
- Purpose & Capability (ok): Name/description say 'AgencyZoom integration' and the SKILL.md instructs using the Membrane CLI to connect to AgencyZoom and run pre-built actions. Requiring a Membrane account and network access is appropriate and proportional to the stated purpose.
- Instruction Scope (ok): Instructions are limited to installing and using the Membrane CLI (login, connect, list/run actions). They do not ask the agent to read unrelated files, environment variables, or send data to unexpected endpoints beyond Membrane/AgencyZoom. Headless-login guidance is reasonable for non-interactive environments.
- Install Mechanism (note): The skill is instruction-only (no install spec), but SKILL.md tells users to run `npm install -g @membranehq/cli@latest`. Installing a global npm package is a common, moderate-risk action (network download and code executed on the host). Verify the package identity and trust the publisher before installing globally; consider using npx, a virtual environment, or container if you want to limit host exposure.
- Credentials (ok): The skill does not declare or request environment variables or unrelated credentials. It relies on interactive Membrane authentication (OAuth-like flow), which is expected for a connector and is proportionate. Be aware that authentication tokens will be issued/managed by Membrane and may be stored locally by the CLI.
- Persistence & Privilege (ok): The skill does not request always:true and is not installing persistent components itself. It only instructs the user to install a third-party CLI; it does not modify other skills or system-wide agent settings in the instructions provided.
