Skill v1.0.3
ClawScan security
Calcom · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 3:03 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it documents using the Membrane CLI to access Cal.com and requests nothing unusual from the host environment.
- Guidance: This skill looks coherent and focused on using the Membrane CLI to proxy calls to Cal.com. Before installing or running it: (1) Verify and trust the Membrane provider (getmembrane.com) because the CLI delegates auth and will manage your Cal.com tokens server-side; (2) inspect the @membranehq/cli npm package source (or install from a verified release) to reduce supply-chain risk; (3) consider avoiding a global npm install if you prefer containment (use a local or containerized environment); (4) confirm the connectorKey 'calcom' and actions referenced match what you expect in your Membrane account; and (5) be aware that if you allow an autonomous agent to use this skill, it can run Membrane commands that interact with your Cal.com connection — only enable that for agents you trust.
Review Dimensions
- Purpose & Capability (ok): Name and description (Cal.com integration / manage users) match the instructions: all commands target Membrane CLI and Cal.com connector. No unrelated credentials, binaries, or paths are requested.
- Instruction Scope (ok): SKILL.md confines actions to installing and using the Membrane CLI (login, connect, list/run actions). It does not instruct reading arbitrary local files, unrelated env vars, or posting data to unexpected endpoints. It explicitly advises against asking users for API keys.
- Install Mechanism (note): There is no automated install spec in the skill bundle; the README instructs users to run `npm install -g @membranehq/cli@latest`. This is typical for a CLI integration but carries standard supply-chain considerations (npm package trust, global install).
- Credentials (ok): The skill declares no required environment variables, config paths, or credentials. Authentication is delegated to Membrane, which is proportionate to the stated purpose but requires trusting a third-party service to manage tokens.
- Persistence & Privilege (ok): `always` is false and the skill does not request persistent system-level changes. Autonomous invocation is allowed by default (platform behavior) but the skill itself does not request elevated privileges or modify other skills.
