Skill v1.0.10
ClawScan security
Gmail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 9:11 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions coherently describe a Gmail integration that uses the third-party Membrane CLI, but the package registry metadata omits the explicit requirement for a Membrane account/credentials, and the runtime directs users to install/run a third-party CLI that will handle OAuth and access Gmail — this mismatch and the third-party routing of email data warrant caution.
- Guidance: This skill appears to be what it claims (a Gmail integration), but it relies on the third-party Membrane service and asks you to install their CLI and sign in. Before installing or using it:
  1. Confirm you trust Membrane (getmembrane.com) — they will broker access to your Gmail and hold OAuth tokens; review their privacy/security docs.
  2. Consider the impact of the actions exposed by the skill (send/delete/permanently delete) and whether the agent should be allowed to perform them autonomously.
  3. Avoid installing global npm packages from unknown sources unless you verify the package owner and the published code.
  4. Note that the registry metadata did not declare the required Membrane account/credentials — ask the publisher to declare required credentials and data flows.
  5. If you proceed, limit scope (use a least-privilege account), monitor, and be ready to revoke the Membrane/Gmail OAuth consent if anything looks suspicious.
Review Dimensions
- Purpose & Capability (ok): Name/description (Gmail integration) match the SKILL.md: the skill instructs the agent/user how to connect to Gmail and call actions (list/send/delete, etc.) via the Membrane platform/CLI. Requested binaries/env vars in the registry are minimal and consistent with a lightweight instruction-only integration.
- Instruction Scope (note): SKILL.md tells the user/agent to install and use the @membranehq/cli, run `membrane login`, create/find a connection and execute actions. The instructions do not ask the agent to read unrelated files or hidden credentials, but they do route Gmail access through Membrane (a third party) and instruct installing and running a global npm CLI — both increase the surface area and should be considered by the user.
- Install Mechanism (note): The registry has no formal install spec, but SKILL.md instructs installing a global npm package (`npm install -g @membranehq/cli`) and using `npx`. Installing a third-party global CLI is a moderate risk compared with instruction-only skills that require no installs; the SKILL.md's install source (npm/@membranehq) is a public registry (not an arbitrary URL), which is expected but still worth vetting before global installation.
- Credentials (concern): The skill runtime requires a Membrane account and will perform OAuth flows to access a user's Gmail, yet the registry metadata declares no required environment variables or primary credential. That mismatch is an incoherence: a live Gmail integration necessarily involves credentials/tokens (handled by Membrane) and should declare them. Also, because Membrane intermediates Gmail access, tokens and email metadata will be exposed to that third party — the SKILL.md does not enumerate the privacy/consent implications in the registry metadata.
- Persistence & Privilege (ok): The skill is not marked `always:true` and does not request system-wide persistence or modification of other skills. It is an instruction-only skill; no autonomous privilege-escalation flags beyond the platform default (agent invocation is enabled by default).
