Skill v1.0.3
ClawScan security
Enerflo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 3:04 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only Enerflo integration that consistently instructs using the Membrane CLI and does not request unrelated credentials or access.
- Guidance: This skill appears coherent and uses the Membrane CLI to authenticate and connect to Enerflo. Before installing or running it: (1) verify you trust the @membranehq npm package and review its repository/maintainer if possible; (2) prefer installing CLI tools in a contained environment (container, VM, or non-root user) rather than system-wide; (3) be aware that the Membrane login flow will grant access tokens to the connector; revoke them in Membrane if you no longer want the connection; (4) if you need stronger assurance, inspect the Membrane CLI source code or use a vetted binary distribution. Overall the skill’s requests and instructions align with its stated purpose.
Review Dimensions
- Purpose & Capability: ok. The name/description (Enerflo integration) match the instructions: the SKILL.md tells the agent to use the Membrane CLI to connect to Enerflo and run Enerflo-related actions. No unrelated services, credentials, or binaries are requested.
- Instruction Scope: ok. Runtime instructions are limited to installing/using the Membrane CLI, authenticating via `membrane login`, creating a connection with `--connectorKey enerflo`, and listing/running Enerflo actions. The instructions do not ask the agent to read arbitrary local files, environment variables, or send data to unexpected endpoints.
- Install Mechanism: note. There is no registry install spec; SKILL.md recommends installing the Membrane CLI via `npm install -g @membranehq/cli@latest`. Using npm is common and expected, but global npm installs run third-party code on the host (moderate risk). The skill itself does not bundle or download arbitrary archives or unknown URLs.
- Credentials: ok. The skill declares no required env vars or primary credential. Authentication is delegated to the Membrane CLI (interactive or headless OAuth-style flow). That is proportionate to a connector that needs access tokens to Enerflo.
- Persistence & Privilege: ok. The skill is not always-on and does not request special platform privileges. It is instruction-only and does not modify other skills or system-wide configs. Autonomous invocation is allowed by default (platform default), which is appropriate for a connector skill.
