Skill v1.0.3
ClawScan security
Canvas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 3:02 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only Canvas integration that consistently delegates auth and API work to the Membrane CLI; its requirements and instructions align with its stated purpose and it does not request unrelated credentials or system access.
- Guidance: This skill appears coherent and focused: it asks you to install the Membrane CLI and sign into your Membrane account, then uses Membrane to connect to Canvas. Before installing, verify you trust the Membrane project (review https://getmembrane.com and the GitHub repo), prefer installing a specific CLI version rather than `@latest`, and be mindful that the login flow will open a browser or produce an auth URL you must complete. Because the skill relies on your Membrane account to hold Canvas credentials, check what permissions the Membrane connection requests and do not share Canvas API keys directly with the agent.
Review Dimensions
- Purpose & Capability (ok): The skill claims to integrate with Canvas and its instructions consistently use the Membrane CLI to create connections, discover actions, and run Canvas-related actions. Requiring a Membrane account and network access fits the stated purpose; there are no unexpected credentials or unrelated capabilities requested.
- Instruction Scope (ok): All runtime instructions are limited to using the Membrane CLI (login, connect, action list/run). The SKILL.md does not instruct the agent to read arbitrary files, environment variables, or other system secrets, nor to transmit data to third-party endpoints outside of Membrane/Canvas authentication flows.
- Install Mechanism (note): The registry contains no install spec, but SKILL.md asks the user to run `npm install -g @membranehq/cli@latest`. Installing a global npm package from the public registry is common and not inherently malicious, but using the `@latest` tag is more volatile than pinning a specific version. This is a moderate-risk action compared with a vetted package manager formula or no install instructions.
- Credentials (ok): The skill declares no required environment variables or local secrets and explicitly instructs that Membrane manages credentials server-side. This is proportionate for a Canvas integration; no unrelated credential requests are present.
- Persistence & Privilege (ok): `always:false` and no install-time modifications are declared. The skill does not request permanent system-wide privileges or attempt to modify other skills' configurations. Note: model invocation is allowed (platform default), which is expected for a usable skill.
