Skill v1.0.3
ClawScan security
Isolved · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 2:03 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it is an instruction-only Isolved integration that uses the Membrane CLI for auth and actions, and it does not request unrelated credentials or system access.
- Guidance: This skill appears coherent, but consider these precautions before installing/using it:
  1. You will need a Membrane account and will sign into Membrane (the CLI may open a browser or use a headless code flow). Confirm you trust Membrane (review privacy/security, data retention, and the connector’s permissions) because HR data (PII/payroll) is highly sensitive.
  2. The SKILL.md recommends `npm install -g @membranehq/cli`—verify the npm package and publisher and avoid installing global packages on sensitive or locked-down hosts.
  3. Prefer creating a scoped connection with least privilege in Isolved and review audit logs for actions performed.
  4. If you need greater assurance, ask the publisher for the exact connector implementation, data flows, and where Membrane stores or processes Isolved data.
Review Dimensions
- Purpose & Capability (ok): Name/description (Isolved HRIS integration) match the instructions: all runtime steps describe using the Membrane CLI to connect to Isolved and run actions. Nothing in the SKILL.md asks for unrelated cloud credentials, local configuration paths, or other services.
- Instruction Scope (ok): Instructions are scoped to installing/using the Membrane CLI, authenticating (interactive or headless code flow), creating a connection to the isolved connector, discovering actions, and running them. The doc explicitly warns not to ask users for API keys and does not instruct reading unrelated files or env vars.
- Install Mechanism (note): There is no formal install spec in the registry (skill is instruction-only), but SKILL.md tells users to install @membranehq/cli via `npm install -g`. Installing a public npm CLI is reasonable for this purpose, but it does require global package install privileges and pulls code from the public npm registry—verify the package name and publisher before installing on sensitive or managed systems.
- Credentials (ok): The skill declares no required env vars, no primary credential, and instructs use of Membrane to manage credentials server-side. That aligns with the stated purpose and avoids asking for unrelated secrets.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or system-wide settings. It relies on the Membrane service for auth lifecycle; autonomous invocation remains platform-default but does not combine with extra privileges here.
