Skill v1.0.3
ClawScan security
Gong · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 21, 2026, 12:04 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are consistent with a Gong integration via the Membrane CLI, but the package metadata declares neither the required tooling nor an install spec. SKILL.md asks you to run a global npm install without declaring that dependency, a gap you should be aware of before installing.
- Guidance: This skill appears to do what it says (control Gong via Membrane), but SKILL.md asks you to install the Membrane CLI with a global npm install while the registry metadata declares no required binaries or install steps. Before installing or running this skill:
  1) Verify that you trust the Membrane project and the package @membranehq/cli on the npm registry, and inspect its source (SKILL.md points to https://getmembrane.com and a GitHub repo).
  2) Remember that a global npm install runs code, including any install-time scripts, with your privileges; if you are unsure, install in a controlled environment or container.
  3) Expect an interactive OAuth-style login (browser or code flow) that will create local credentials for the CLI.
  4) For stronger assurance, ask the publisher to add explicit metadata listing the required binaries (node/npm, the membrane CLI) and an install spec with a pinned version and provenance, so you can review the exact artifact being installed.
Review Dimensions
- Purpose & Capability
- concern: The SKILL.md clearly intends to manage Gong via the Membrane CLI and requires a Membrane account and network access. However, the registry metadata declares no required binaries or credentials. In practice the skill expects the 'membrane' CLI (and implicitly node/npm to install it), neither of which is listed in the skill's declared requirements, an inconsistency that could surprise users or operators.
- Instruction Scope
- ok: The runtime instructions stay within the stated purpose: they describe using the Membrane CLI to create connections, list actions, create and run actions, and authenticate. They do not request unrelated host files or extra environment variables, and they do not direct data to endpoints outside Membrane and Gong.
- Install Mechanism
- concern: There is no formal install spec, but SKILL.md instructs the user to run 'npm install -g @membranehq/cli@latest'. Asking users or agents to perform a global npm install is a de facto install step that is not declared in metadata. A global npm install downloads and executes code from the npm registry (including any install-time lifecycle scripts) with the installing user's privileges, and the '@latest' tag is unpinned, so the artifact can change between reviews. The absence of an explicit install spec with a pinned version and provenance or checksum makes this a moderate risk as well as an inconsistency.
- Credentials
- ok: No environment variables or credentials are declared or required in the registry metadata; authentication is performed interactively via the Membrane CLI (browser flow or headless code flow). That is proportionate to the described behavior, though users should expect an interactive OAuth-like flow, and the CLI will store the resulting credentials locally as part of normal operation.
- Persistence & Privilege
- ok: The skill does not request persistent or always-on privileges and does not claim to modify other skills or system-wide settings. It is user-invocable and, by platform default, can be invoked autonomously by agents, which is normal. There is no 'always: true' or other elevated persistent flag.
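As an added example of the pre-install checks the Guidance and Install Mechanism items recommend (this is not code from ClawHub, Membrane or the skill's author), the Python below audits an npm package manifest and tarball before a global install: it flags an unpinned spec such as @latest, lists install-time lifecycle scripts that npm would execute, computes the sha512 Subresource Integrity string npm records in package-lock.json so the artifact can be compared across reviews, and emits a hardened install line using real npm flags. The package name @example/cli, the manifest contents and the tarball bytes are constructed fixtures, not the real @membranehq/cli.

```python
# Added example: pre-install audit of an npm CLI package. Not ClawHub or
# Membrane code; the manifest, tarball bytes and package name are fixtures.
import base64
import hashlib
import json
import re
from typing import Optional

# npm runs these hooks automatically during `npm install`; each one executes
# arbitrary code with the installing user's privileges.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed stand-in for the package.json that `npm pack` would unpack.
SAMPLE_MANIFEST = json.dumps({
    "name": "@example/cli",            # hypothetical package, not @membranehq/cli
    "version": "1.2.3",
    "bin": {"example": "bin/example.js"},
    "scripts": {"postinstall": "node scripts/setup.js", "test": "jest"},
})

# Constructed bytes standing in for the downloaded .tgz.
SAMPLE_TARBALL = b"constructed tarball bytes for the example"


def sri_sha512(data: bytes) -> str:
    """SHA-512 Subresource Integrity string, the form npm records in package-lock.json."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode("ascii")


def is_pinned(spec: str) -> bool:
    """True only for an exact semver such as 1.2.3; dist-tags (latest) and ranges (^1.2.3) are not pinned."""
    pattern = r"\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?"
    return re.fullmatch(pattern, spec) is not None


def audit(spec: str, manifest_json: str, tarball: bytes,
          expected_integrity: Optional[str] = None) -> dict:
    """Collect the facts a reviewer wants before approving a global install."""
    manifest = json.loads(manifest_json)
    scripts = manifest.get("scripts", {})
    hooks = [h for h in INSTALL_HOOKS if h in scripts]
    integrity = sri_sha512(tarball)
    findings = []
    if not is_pinned(spec):
        findings.append(f"requested spec '{spec}' is not pinned to an exact version")
    if hooks:
        findings.append("install-time lifecycle scripts present: " + ", ".join(hooks))
    if expected_integrity is None:
        findings.append("no reference integrity hash; record " + integrity + " for future runs")
    elif expected_integrity != integrity:
        findings.append("tarball integrity does not match the reference hash")
    return {
        "name": manifest["name"],
        "version": manifest["version"],
        "bins": sorted(manifest.get("bin", {})),
        "hooks": hooks,
        "integrity": integrity,
        "findings": findings,
    }


def install_command(result: dict, prefix: str = "$HOME/.npm-global") -> str:
    """Hardened install line: exact version, lifecycle scripts disabled, user-owned prefix."""
    return (f"npm install -g --prefix {prefix} --ignore-scripts "
            f"{result['name']}@{result['version']}")


if __name__ == "__main__":
    first = audit("latest", SAMPLE_MANIFEST, SAMPLE_TARBALL)
    for finding in first["findings"]:
        print("finding:", finding)
    print(install_command(first))
```

In practice the manifest and tarball come from `npm pack <name>@<version>` (which downloads without installing) and the reference hash from `npm view <name>@<version> dist.integrity`; `npm audit signatures` (npm 9 and later) additionally checks registry signatures and provenance attestations where the publisher supplies them. If the audit reports lifecycle hooks, read them in the unpacked tarball before deciding whether `--ignore-scripts` will break the tool; a CLI that needs no native build usually works without them.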
