Skill v1.0.3
ClawScan security
Sentry · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 21, 2026, 3:04 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to rely on the third-party Membrane CLI/service to access Sentry (and asks you to install a global npm package) but the top-level metadata doesn't declare those requirements — this mismatch and the implicit data flow to Membrane warrant caution.
- Guidance: Before installing/use:
  1) Understand that this skill routes Sentry access through Membrane — your Sentry data and auth tokens will be handled by Membrane's service, not direct-to-Sentry API calls. If you require direct-only integration or want credentials kept locally, don't use it.
  2) The SKILL.md asks you to install a global npm package (@membranehq/cli). Verify the package's publisher and consider installing in a controlled environment or using a pinned version rather than '@latest'.
  3) Ask the publisher to update the skill metadata to declare required binaries and the need for a Membrane account, and to provide installation checksums or pinned versions.
  4) If you proceed, grant the least-privileged access possible in Sentry, and review Membrane's privacy/security docs and terms.
  5) If you need higher assurance, request a version of the skill that calls Sentry directly (with explicit, auditable auth) or provide more transparency on where data is sent and stored.
Review Dimensions
- Purpose & Capability (note): The skill's stated purpose is 'Sentry integration', which is reasonable, but the runtime instructions require using the Membrane CLI and a Membrane account to access Sentry. That is a legitimate architecture (Membrane acts as an integration proxy), but the top-level registry metadata did not declare the CLI or Membrane account requirement as required binaries/credentials — a transparency mismatch that users should know about.
- Instruction Scope (note): SKILL.md stays within the Sentry-integration scope: it instructs installing @membranehq/cli, running 'membrane login' and creating connections/actions. It does not instruct reading unrelated files or environment variables. Important: following these instructions sends Sentry-related data and auth flows through Membrane's service rather than directly to Sentry.
- Install Mechanism (concern): There is no formal install spec in the skill metadata, yet SKILL.md directs users/agents to run 'npm install -g @membranehq/cli@latest'. Asking to install a global npm package is moderate risk (it executes third-party code on the system) and should have been declared explicitly with guidance (versions, checksums, or pinned version).
- Credentials (ok): The skill does not request local environment variables or secrets; Membrane is described as handling auth server-side. That is proportionate if you accept a third-party service holding connection credentials, but it shifts trust to Membrane rather than the local environment.
- Persistence & Privilege (ok): The skill is instruction-only, declares no persistent installation in metadata, and 'always' is false. Autonomous model invocation is allowed (default) but not a new or unexpected privilege here. The skill does not request modifying other skills or system-wide configs.
