Skill v1.0.3
ClawScan security
Median · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 3:04 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, requirements, and actions are consistent with a Median integration implemented via the Membrane CLI; it asks the user to install and use the official Membrane tooling and does not request unrelated credentials or access.
- Guidance: This skill is instruction-only and uses the Membrane CLI to talk to Median. Before installing or running commands: (1) confirm you trust the @membranehq package and its source (check the GitHub repo and package contents); (2) prefer installing a specific released version rather than @latest, or install in a virtual environment / container to limit system impact; (3) be prepared to complete browser-based auth (or paste codes for headless environments); doing so grants the Membrane service access to connectors on your behalf; (4) review Membrane's privacy/docs to understand what data will be proxied to Median. If any of those steps are unacceptable, do not install/run the CLI.
Review Dimensions
- Purpose & Capability: ok. Name/description describe a Median integration and the instructions only require the Membrane CLI and a Membrane account, which is coherent for a connector-based integration.
- Instruction Scope: ok. SKILL.md confines runtime actions to installing/using the Membrane CLI (login, connect, list actions, run actions). It does not instruct reading unrelated files, environment variables, or sending data to unexpected endpoints.
- Install Mechanism: note. No registry install spec is provided (instruction-only), but the README tells users to run an npm global install (npm install -g @membranehq/cli@latest). Installing a CLI from npm is expected here but has moderate operational risk (global npm installs execute package code). Consider pinning versions or installing in a controlled environment.
- Credentials: ok. The skill declares no required env vars, no primary credential, and the documentation explicitly delegates auth to Membrane (browser-based or code-paste flow). There are no disproportionate credential requests.
- Persistence & Privilege: ok. The skill is not always-enabled and does not request system-wide config changes or cross-skill modifications. Autonomous invocation is allowed (platform default) and appropriate for this integration.
