Skill v1.0.3
ClawScan security
Hasura · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 5:02 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions align with a Hasura integration that uses the Membrane CLI; nothing requested is disproportionate, but installing a third‑party CLI and running actions that can execute SQL/webhooks requires user trust and care.
- Guidance: This skill is internally consistent for managing Hasura via the Membrane service, but before installing: 1) verify you trust the Membrane project/@membranehq npm package and, if needed, inspect the package source; 2) be cautious about running actions that execute raw SQL, modify metadata, or create webhooks — always confirm intent with the user and require explicit approval for destructive actions; 3) understand that authentication is handled by Membrane's cloud service (you are delegating credentials/token management to them); and 4) prefer least-privilege Hasura connections and test actions in a safe (staging) environment first.
Review Dimensions
- Purpose & Capability (ok): The name/description (Hasura integration) match the instructions: the skill delegates Hasura operations to the Membrane CLI and lists Hasura-specific actions (queries, mutations, run-sql, metadata operations). No unrelated credentials, binaries, or paths are requested.
- Instruction Scope (note): The SKILL.md stays within the Hasura integration scope and tells the agent to install and use the Membrane CLI, authenticate, connect, discover actions, and run them. It documents actions that can be destructive (run-sql, drop-relationship, delete-event-trigger, create-rest-endpoint, etc.) — this is expected for an admin/integration skill but warrants explicit user consent before executing such actions.
- Install Mechanism (note): The install instruction is a global npm install (@membranehq/cli), which is a common but higher‑impact install (writes a global binary). This is a moderate-risk install mechanism because it executes third-party code from the npm registry; it's proportionate to the stated CLI usage but users should verify the package publisher and review the package if they have supply-chain concerns.
- Credentials (ok): No environment variables or secrets are requested by the skill. Authentication is delegated to Membrane via an interactive login flow; requiring a Membrane account is coherent with the CLI-based design. The user should understand that credentials/tokens will be managed by Membrane's service.
- Persistence & Privilege (ok): The skill does not request always:true and provides no install-time persistence or system-wide configuration changes in the SKILL.md. Autonomous invocation is allowed (platform default) but not combined with elevated privileges or additional persistent access.
