Skill v1.0.3

ClawScan security

Appdrag · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 6:02 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions align with its stated purpose (using the Membrane CLI to access AppDrag); nothing requested appears disproportionate or unrelated.
Guidance
This skill is coherent: it delegates AppDrag access to the Membrane CLI and asks you to log in via Membrane. Before installing, verify you trust the @membranehq/cli npm package and the Membrane service (supply-chain and privacy implications). Be aware that a global npm install may require elevated privileges and the CLI will likely store session tokens locally. Also review any actions you run (e.g., execute-raw-sql-query, download-remote-file) because those actions will access or modify your AppDrag data — only run actions you expect and that you trust Membrane to perform on your behalf.

Review Dimensions

Purpose & Capability
ok: The SKILL.md describes using the Membrane CLI to connect to AppDrag and manage organizations/resources. The declared purpose (AppDrag integration) matches the instructions (install the Membrane CLI, log in, connect, list/run actions).
Instruction Scope
ok: Instructions are narrowly scoped to installing and using the Membrane CLI, performing authentication, creating connections, discovering and running actions, and handling action results. There are no instructions to read unrelated files, harvest local environment variables, or exfiltrate data to unexpected endpoints.
Install Mechanism
note: The SKILL.md instructs a global npm install of @membranehq/cli. Installing an npm package globally is a reasonable way to obtain the CLI but carries standard supply-chain and privilege considerations (a global install may require elevated permissions). This is a moderate, expected risk for a CLI-based integration.
Credentials
ok: The skill requests no environment variables or credentials directly and relies on Membrane's auth flow. That is proportionate: Membrane (per the doc) manages credentials server-side and the skill does not ask for API keys or unrelated secrets.
Persistence & Privilege
note: The skill is user-invocable and not always-on (always: false). The CLI login flow may store session tokens locally (typical for CLIs), which is expected for this use case; consider this local persistence when you install the CLI.