Skill v1.0.3

ClawScan security

Retailed · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 10:02 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only wrapper that tells the agent to use the Membrane CLI to access Retailed; its requirements and instructions are coherent with that purpose and request no unexpected credentials or system-wide privileges.
Guidance
This skill is instruction-only and uses the Membrane CLI to talk to Retailed, which is coherent with its description. Before installing: (1) verify the @membranehq/cli package on npm and check its GitHub repo/release notes; (2) avoid installing global npm packages on shared or sensitive systems — consider using npx or a sandbox; (3) understand that authentication happens in your browser and the CLI will persist tokens/config locally; (4) review what permissions the Membrane connector requests in the connection step (scopes/allowed actions) so you only grant what you expect. If you need higher assurance, ask for the exact Membrane connector details or an explicit install manifest/source URL you can audit.

Review Dimensions

Purpose & Capability
ok: The skill's name/description match the runtime instructions: it delegates Retailed interactions to the Membrane platform via the Membrane CLI. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
ok: SKILL.md confines actions to installing and running the Membrane CLI, authenticating via browser/URL, creating connections, searching and running Membrane actions, and polling action status. It does not instruct reading arbitrary local files or exfiltrating data outside the Membrane workflow.
Install Mechanism
note: There is no manifest install spec, but the doc instructs users to run `npm install -g @membranehq/cli` or use `npx`. Installing a global npm package writes code to disk and executes install scripts — standard for CLIs but worth noting. Verify the package source (npm/GitHub) before installing on sensitive or shared machines.
Credentials
ok: The skill requests no environment variables or local secrets and explicitly advises against asking users for API keys, relying on Membrane to manage auth. This is proportional to the stated purpose.
Persistence & Privilege
note: `always` is false and the skill does not request extra platform privileges. Be aware the Membrane CLI will persist connection/auth state locally (typical for CLIs); the skill itself does not demand system-wide configuration changes.