v1.0.4

Codacy

Review: ClawScan verdict for this skill. Analyzed Apr 30, 2026, 3:21 PM.

Analysis

This Codacy skill is mostly purpose-aligned, but it asks the agent to install and run an unpinned third-party CLI despite being packaged as instruction-only.

Guidance: Before installing, verify that you trust Membrane and the npm CLI package, prefer a pinned CLI version, review Codacy OAuth scopes, and confirm each connection/action before giving the agent access to organization or repository data.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

The skill allows service-returned content to provide procedural instructions to the agent. This is purpose-aligned for setup, but it should not override the user's actual goal or safety limits.

User impact: A remote setup response could influence what the agent does next during connection setup.
Recommendation: Treat returned agent instructions as untrusted guidance and follow them only when they are relevant to the user's explicit request.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Use action names and parameters as needed. ... `membrane action list --connectionId=CONNECTION_ID --intent "QUERY" --limit 10 --json`

The agent can dynamically discover Codacy actions and choose parameters. That is consistent with an integration skill, but it gives the agent broad discretion over account queries.

User impact: The agent may query Codacy data using actions it discovers at runtime.
Recommendation: Confirm the connection, organization, repository, and action before allowing sensitive or modifying operations.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`npm install -g @membranehq/cli@latest` ... `If no app is found, one is created and a connector is built automatically.`

The skill depends on an unpinned global npm package and an automatically built connector that are not present in the artifact manifest or install spec.

User impact: The installed CLI or generated connector could change independently of this skill package, making behavior harder to verify.
Recommendation: Pin the CLI version, declare the install requirement, verify the package source, and require user approval before using auto-built connectors.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Install the Membrane CLI so you can run `membrane` from the terminal: `npm install -g @membranehq/cli@latest`

Although the package is described as instruction-only with no install spec, the runtime instructions ask for local command execution and a global npm install.

User impact: Installing and running the CLI can modify the local environment and execute code outside the reviewed skill artifact.
Recommendation: Only run the install command after explicit user approval, prefer a pinned version, and avoid global installation where possible.

Cascading Failures
Severity: Low | Confidence: High | Status: Note
SKILL.md
Use `membrane connection ensure` to find or create a connection ... The output contains the new connection id.

The skill creates or reuses persistent Membrane connections, so using the wrong connection or account could affect later Codacy operations.

User impact: A mistaken connection choice could cause future actions to run against the wrong Codacy account or organization.
Recommendation: Verify the connection ID, organization, and repository before proceeding, especially in shared or multi-account environments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Membrane handles authentication and credentials refresh automatically ... The user completes authentication in the browser.

The skill requires delegated account authentication and ongoing credential refresh through Membrane, which is sensitive but aligned with Codacy integration.

User impact: Using the skill may grant access to Codacy organization, repository, user, and security information through Membrane.
Recommendation: Review OAuth scopes, use the least-privileged account available, and revoke the Membrane/Codacy connection when finished.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Get Security Dashboard ... List Organization People ... List Pull Request Issues ... Search Repository Issues

The skill can retrieve organization, security, pull-request, and issue data into the agent context. This is expected, but such retrieved content should be treated as data, not instructions.

User impact: Repository or issue content may appear in the conversation and could contain sensitive project information or misleading text.
Recommendation: Limit retrieved data to what is needed and do not let repository or issue text override the user's instructions.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
This skill uses the Membrane CLI to interact with Codacy. Membrane handles authentication and credentials refresh automatically

Codacy access is mediated through Membrane, so authentication and data pass through an external provider/gateway boundary.

User impact: Codacy account data and credentials are handled through Membrane rather than only through Codacy directly.
Recommendation: Use a trusted Membrane account, review connected-app permissions, and disconnect the integration when it is no longer needed.