Skill v1.0.3
ClawScan security
Apolloio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 1:04 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it integrates Apollo.io via the Membrane CLI, asks the user to install and authenticate that CLI, and does not request unrelated credentials or perform unexplained actions.
- Guidance: This skill is coherent: it delegates Apollo.io access to the Membrane CLI and requires a Membrane account. Before installing, verify you trust the @membranehq/cli package and its publisher (review the npm package page and the GitHub repo linked in SKILL.md). If you have security concerns, prefer installing a pinned version rather than @latest, or use npx to avoid a persistent global binary. Understand that the Membrane CLI will handle and store authentication tokens locally and will communicate over the network to Membrane and Apollo.io; treat those tokens like any API credential. If you require stricter assurance, review the CLI source code or run it in an isolated environment (container) before granting it access to your primary environment.
Review Dimensions
- Purpose & Capability: ok. The name and description claim an Apollo.io integration and all instructions are about using the Membrane CLI to connect to Apollo.io, discover and run actions. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope: ok. SKILL.md confines runtime behavior to installing and using the Membrane CLI (login, connect, list/create/run actions). It does not instruct reading arbitrary system files, unrelated env vars, or exfiltrating data to unexpected endpoints. It does rely on the Membrane service to handle auth and action execution.
- Install Mechanism: note. The install instruction is a global npm install (@membranehq/cli@latest). This is an expected delivery for a CLI but carries the usual npm/global-install risks (package code runs on the system). No obscure downloads or extract-from-URL steps are present.
- Credentials: ok. The skill declares no required env vars and the only credentialing is handled via the Membrane login flow. That is proportional to a connector that needs a Membrane account to access Apollo.io. There are no unrelated credential requests.
- Persistence & Privilege: ok. The skill is not always-enabled (always: false) and uses default agent invocation. It does not request elevated platform privileges or claim to modify other skills or system-wide settings.
