Skill v1.0.2
ClawScan security
Hansei · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 8:59 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only integration that coherently directs the agent to use the Membrane CLI to access Hansei; its requirements and instructions align with that purpose and do not request unrelated privileges or secrets.
- Guidance: This skill appears coherent, but before installing: 1) verify the @membranehq/cli package on npm and the referenced GitHub repo/homepage to confirm authenticity; 2) be aware that installing a global npm package executes third-party code; avoid running npm install -g as root if possible; 3) understand that using the skill grants Membrane (the connector service) access to your Hansei data via the connection you create; review Membrane's access scopes and privacy policy and use least-privilege accounts where possible; 4) in CI/headless environments use the documented headless flow and avoid embedding credentials locally. If you need greater assurance, ask the skill author to provide a pinned release URL or code bundle to inspect before installing.
Review Dimensions
- Purpose & Capability (ok): The skill name and description (Hansei integration) match the instructions: install Membrane CLI, create a connection, list/run actions, and proxy requests to Hansei. No unrelated services, binaries, or credentials are requested.
- Instruction Scope (ok): SKILL.md only instructs installing and using the Membrane CLI, running specific Membrane commands, and performing browser-based auth/headless login flows. It does not direct the agent to read local files, access unrelated env vars, or exfiltrate data to unexpected endpoints.
- Install Mechanism (note): The skill is instruction-only (no install spec in the registry) but tells users to run a global npm install (@membranehq/cli). This is expected for a CLI-based integration but requires installing third-party code globally; verify the npm package and avoid running as an elevated user if you have concerns.
- Credentials (ok): No environment variables, secrets, or config paths are requested. Authentication is delegated to Membrane's login flow as described, which is proportionate to a connector-style integration.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request persistent system-level privileges or modify other skills; it relies on the user running Membrane CLI commands interactively or via defined flows.
