Skillv1.0.2

ClawScan security

Gorillastack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 2, 2026, 9:07 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: This is an instruction-only GorillaStack integration that appears internally coherent but is underspecified about authentication and runtime behavior — review how it uses Membrane and what data it will call or transmit before installing.
Guidance: This skill is instruction-only and claims to use Membrane for connectivity. Before installing: (1) Verify the full SKILL.md to confirm it never instructs the agent to read local files, shell history, or arbitrary environment variables. (2) Ask how authentication to GorillaStack is provided by Membrane — confirm whether you must supply API keys and where they will be stored. (3) Confirm the skill's source/trustworthiness (author, repository) since the registry shows 'Source: unknown' but points to membranedev in the SKILL.md. (4) If you have sensitive cloud credentials, avoid installing until you can confirm the exact API calls and data flows; require least-privilege API keys scoped to only needed GorillaStack actions.

Review Dimensions

Purpose & Capability: noteThe skill claims to integrate with GorillaStack and lists many GorillaStack-like entities. It requires network access and a Membrane account (per SKILL.md) but declares no GorillaStack API key or other credentials in the registry metadata. That can be legitimate if auth is provided transparently by the Membrane platform, but the skill does not explicitly document what credentials or tokens will be used or where they must be supplied.
Instruction Scope: noteSKILL.md is instruction-only and largely lists many resource types; the provided excerpt contains no commands, file reads, or env access. Because the file is long and the prompt truncates part of it, I cannot confirm there are no vague or broad instructions (e.g., 'gather context' or 'use any available credentials'). Review the full SKILL.md to ensure it does not instruct the agent to read arbitrary local files, shell history, or environment variables beyond what is necessary.
Install Mechanism: okNo install spec and no code files — lowest risk for arbitrary code being written to disk. Instruction-only skills execute via the agent runtime and network calls; there is no package download to audit here.
Credentials: noteThe registry metadata lists no required env vars or primary credential. SKILL.md says a Membrane account is required but doesn't declare which credentials the agent will need at runtime. That omission is a red flag: either the platform supplies auth (acceptable) or the skill expects secrets that are not declared (concerning). Confirm how authentication is handled and whether any API keys or tokens will be requested or stored.
Persistence & Privilege: okThe skill is not marked always:true and is user-invocable; it does not request persistent installation or system-level changes in the manifest. No evidence it modifies other skills or global settings.