Back to skill
Skillv1.0.3
ClawScan security
Circleci · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 21, 2026, 9:04 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper that tells the agent to use the Membrane CLI to interact with CircleCI; its requests and instructions are consistent with that purpose, but it relies on installing a third-party CLI (npm) and an external Membrane account, so verify the vendor before installing.
- Guidance
- This skill is essentially a set of instructions to use the Membrane CLI to manage CircleCI resources. Before installing or running it: 1) Verify you trust Membrane/@membranehq — check the npm package page and the GitHub repository referenced in SKILL.md. 2) Prefer installing the CLI in a controlled environment (container or dedicated admin host) if you have supply-chain concerns. 3) Be cautious when running actions that create/update environment variables, contexts, or trigger pipelines—those can change CI secrets or run workloads. 4) If you want tighter control, run the membrane commands manually rather than giving an agent autonomous invocation, and consider disabling autonomous skill invocation for sensitive workflows. 5) If anything about the publisher or repository looks suspicious, do not install the CLI or create connections until you can confirm the vendor identity.
Review Dimensions
- Purpose & Capability
- okThe name/description (CircleCI integration) aligns with the runtime instructions: all actions are performed via the Membrane CLI and the connectorKey circleci. There are no unrelated environment variables, binaries, or permissions requested that would be inconsistent with a CircleCI integration.
- Instruction Scope
- okSKILL.md instructs the agent/user to install the Membrane CLI, run membrane login, create a connection, discover and run actions, and optionally create custom actions. The instructions do not direct the agent to read arbitrary files, request unrelated secrets, or transmit data to third-party endpoints other than Membrane/CircleCI via the Membrane service.
- Install Mechanism
- noteThe skill recommends installing @membranehq/cli globally via npm (npm install -g @membranehq/cli@latest). Using npm is expected for a CLI, but global npm installs and supply-chain risks are non-trivial: verify the package on npmjs.com, confirm the publisher, and inspect the upstream GitHub repo before installing in production systems.
- Credentials
- okThe skill declares no required env vars or credentials and explicitly delegates auth to Membrane. This is proportionate: CircleCI access is obtained via the Membrane connection flow rather than by asking for unrelated secrets.
- Persistence & Privilege
- okThe skill is instruction-only, has no install-time hooks, and does not set always: true. It recommends using the Membrane CLI which will store auth session data for the user, but the skill itself does not request persistent system-wide privileges or modify other skills' configs.