Skill v1.0.4
ClawScan security
Personio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 21, 2026, 1:04 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are consistent with a Personio integration that delegates authentication and API calls to the Membrane CLI; nothing requested appears unrelated to its stated purpose.
- Guidance: This skill delegates Personio access to the Membrane CLI. Before installing: verify the @membranehq/cli package and repository (check the GitHub link and package publisher), and be comfortable granting Membrane access to your Personio data via the interactive login flow. Installing the CLI globally requires npm permissions; consider installing in a controlled environment or container if you prefer isolation. During the browser auth flow, review the scopes/permissions requested and avoid sharing generated auth codes in untrusted channels.
Review Dimensions
- Purpose & Capability (ok): The skill claims to integrate with Personio and all runtime instructions use the Membrane CLI to connect to Personio and run actions. No unrelated credentials, binaries, or system paths are requested.
- Instruction Scope (ok): SKILL.md is focused on installing the Membrane CLI, logging in, creating a Personio connection, discovering and running actions. It does not instruct reading unrelated files or exfiltrating data to unexpected endpoints. Authentication is interactive via Membrane.
- Install Mechanism (note): Install is a public npm global package (@membranehq/cli) invoked by the user. This is reasonable for a CLI integration but carries the usual trust/risk of installing a third-party global npm package; verify the package and its source before installing.
- Credentials (ok): No environment variables or unrelated credentials are requested. Authentication is performed through the Membrane CLI (interactive/browser flow), which is appropriate for this integration. Be aware the CLI will store tokens locally as part of its normal operation.
- Persistence & Privilege (ok): Skill is instruction-only and not always-enabled. It does not request system-wide persistence or modification of other skills. Autonomous invocation is allowed by default (platform normal), but the skill itself does not request elevated or permanent privileges.
