Skill v1.0.3

ClawScan security

Ramp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 5:04 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and runtime instructions match its stated purpose (using the Membrane CLI to access Ramp) and do not ask for unrelated credentials or perform unexpected actions.
Guidance
This skill is coherent: it delegates Ramp access to the Membrane CLI rather than asking for Ramp API keys. Before installing, verify you trust the @membranehq npm package and the Membrane service (review the package on npm and the project repo/homepage). Prefer running the CLI install and login manually in a shell you control (or use npx for ephemeral runs) rather than pasting credentials into chat. If you permit autonomous agents to invoke skills, remember they could run membrane commands if the CLI and login are available—restrict autonomous execution or use a dedicated environment if that is a concern.

Review Dimensions

Purpose & Capability
ok: Name/description (Ramp integration) align with the instructions: all actions are performed via the Membrane CLI, which proxies Ramp API calls. Nothing in the SKILL.md requests unrelated cloud credentials, system access, or data sources.
Instruction Scope
ok: SKILL.md confines runtime behavior to installing/using the Membrane CLI, logging in via Membrane, creating connections to Ramp, and discovering and running Membrane 'actions'. It does not instruct reading arbitrary local files, asking for API keys, or sending data to unexpected endpoints. It explicitly advises not to ask the user for API keys.
Install Mechanism
ok: Installation guidance uses npm (npm install -g @membranehq/cli or npx), which is consistent with a CLI distributed on the npm registry. This is a common and proportionate install method for a CLI tool; no obscure download URLs or archive extraction are suggested.
Credentials
ok: The skill declares no required env vars, no primary credential, and relies on interactive Membrane login for authentication. That is appropriate: Membrane handles auth server-side and no unrelated secrets are requested.
Persistence & Privilege
note: Skill is instruction-only and not always-enabled. The skill allows autonomous model invocation by default (platform default) but there are no additional red flags (no broad credential access or persistent background components). Users should be aware that if an agent is permitted to run CLI commands autonomously it could perform Membrane operations without further prompts.