Craftmypdf
Analysis
The skill’s purpose is understandable, but it asks the agent to install and use a Membrane CLI with OAuth-style account access and broad authenticated CraftMyPDF API/proxy actions that are not well bounded.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
> `clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
The skill tells the agent that externally returned connection state may contain agent-directed instructions, but it does not say to treat those instructions as untrusted or require user confirmation.
> When the available actions don't cover your use case, you can send requests directly to the CraftMyPDF API through Membrane's proxy... `membrane request CONNECTION_ID /path/to/endpoint`
This exposes a broad authenticated API proxy, and the same skill lists mutating actions such as deleting and updating templates, without explicit approval, scope, or rollback limits.
> `npm install -g @membranehq/cli@latest` ... If no app is found, one is created and a connector is built automatically.
The skill relies on an unpinned (`@latest`) npm package installed globally and on automatically built connectors, which creates provenance and version-control gaps that no install spec captures.
> `npm install -g @membranehq/cli@latest` ... `npx @membranehq/cli connection get <id> --wait --json`
Although the skill bundle itself contains no code files, the instructions cause local execution of npm-distributed CLI code and of code run via npx.
> Manage PDFDocuments, Users, Workspaces... Delete Template | delete-template | Delete a template by ID ... Create PDF Async | create-pdf-async | Generate a PDF document asynchronously with webhook notification
The skill can affect shared workspace resources and asynchronous webhook-driven workflows, but it does not describe containment, dry-run behavior, or approval boundaries for changes.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
> Membrane handles authentication and credentials refresh automatically... `membrane login --tenant --clientName=<agentType>` ... `connect` — user needs to authenticate (OAuth, API key, etc.).
The skill requires delegated account authentication and automatic credential refresh, while the provided requirements declare no primary credential; the scope of that authority is not clearly bounded.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
> send requests directly to the CraftMyPDF API through Membrane's proxy. Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers — including transparent credential refresh
Authenticated requests and credential handling are routed through a gateway/proxy, but the instructions do not clearly define data boundaries, origin validation, or which requests are safe to proxy.
