Skill v1.0.1

ClawScan security

Propeller · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 8:03 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required actions, and requests are coherent with a Propeller integration that uses the Membrane CLI; nothing requested is disproportionate to its stated purpose.
Guidance
This skill appears coherent: it simply instructs use of the Membrane CLI to manage Propeller data. Before installing or using it, verify you trust @membranehq on the npm registry and the getmembrane.com project (review the npm package page and GitHub repository). Installing a global npm CLI runs code from the package maintainer — avoid global installs on sensitive machines or review the package source first. Be aware that authentication opens a browser/device-code flow to grant access to your Propeller data; only proceed if you trust Membrane to manage that access. If you need stronger isolation, run the CLI in a disposable environment or container and review Membrane's privacy/permission documentation.

Review Dimensions

Purpose & Capability
ok
Name/description (Propeller integration) match the instructions: the SKILL.md consistently directs the agent to use the Membrane CLI to connect to Propeller, discover and run actions, and create actions when needed.
Instruction Scope
ok
The instructions remain scoped to installing and using the Membrane CLI, authenticating via Membrane, creating/listing connections and actions, and running actions. They do not instruct the agent to read unrelated files, request unrelated credentials, or exfiltrate data to arbitrary endpoints.
Install Mechanism
note
No install spec in the skill bundle itself (instruction-only). The doc recommends installing @membranehq/cli via npm (npm install -g or npx). This is expected for a CLI-based integration but carries the usual npm/global install risks: you should verify the package identity and trustworthiness before globally installing and avoid running it in highly sensitive environments without review.
Credentials
ok
The skill declares no required env vars or credentials. Runtime instructions rely on Membrane-managed auth (browser-based or headless device-code flow). That is proportional to the stated purpose; there are no unexplained secret requests.
Persistence & Privilege
ok
always is false and the skill is user-invocable. It does not request persistent agent-wide privileges or modify other skills. Autonomous invocation is allowed by default but is not combined with other concerning privileges here.