Skill v1.0.3

ClawScan security

Sage Hr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 1:02 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions align with its stated purpose (it delegates Sage HR access to the Membrane CLI); nothing requested appears disproportionate or unrelated.
Guidance
This skill appears to be what it says: it uses the Membrane CLI to access Sage HR and does not ask for your Sage credentials directly. Before installing or running the CLI, verify the @membranehq/cli package source (npm page, GitHub repo), consider installing in an isolated environment (container, VM, or non-root user), and review the scopes/permissions requested during the Membrane login flow. If you don't trust Membrane or prefer direct API integration, don't install the CLI — instead use official Sage HR developer docs and supply only necessary, scoped credentials.

Review Dimensions

Purpose & Capability
ok
Name/description describe a Sage HR integration and the SKILL.md consistently instructs the agent to use the Membrane CLI to connect to Sage HR and run actions. No unrelated credentials, binaries, or resources are requested.
Instruction Scope
ok
Instructions are focused on installing Membrane CLI, authenticating via Membrane, creating/listing connections, discovering actions, and running those actions. They do not ask the agent to read arbitrary files, search the system, or exfiltrate unrelated data.
Install Mechanism
note
The skill is instruction-only (no install spec in registry) but tells the user to run `npm install -g @membranehq/cli@latest`. This is coherent for the stated integration, but npm global installs execute third-party code on the host — users should verify the package and prefer isolated environments (container, VM, or per-user install).
Credentials
ok
The skill requests no environment variables or direct credentials; it relies on Membrane's interactive/auth flow. This is proportionate for a connector that delegates auth to a brokered CLI.
Persistence & Privilege
ok
`always` is false and the skill does not request system-wide config changes or access to other skills' credentials. Autonomous invocation is allowed by default (normal) and not combined with other concerning privileges.