ClawHub
Back to skill
v1.0.4

Stormglassio

ReviewClawScan verdict for this skill. Analyzed Apr 30, 2026, 4:05 PM.

Analysis

This looks like a real Stormglass/Membrane integration, but it asks the agent to install and run an unpinned CLI, delegate credentials, and make broad authenticated API requests without clear safety limits.

GuidanceInstall only if you trust Membrane and the @membranehq/cli package. Prefer a pinned CLI version, review authorization scopes, use least-privileged accounts, require confirmation before any POST/PUT/PATCH/DELETE or organization-management action, and revoke the Membrane connection when finished.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.

The skill makes externally returned connection content a source of agent instructions, but does not state that those instructions must be constrained by the user's original goal.

User impactA connection response could steer the agent into follow-up steps the user did not explicitly request.
RecommendationTreat returned agentInstructions as untrusted guidance; follow them only when they directly match the user's request and ask for confirmation before sensitive actions.
Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)

The skill exposes a direct authenticated API proxy with mutating and deleting HTTP methods, without documented approval gates or limits on paths, inputs, or action types.

User impactThe agent could change or delete Stormglass account data if it runs an unintended action or request.
RecommendationRequire explicit user approval for POST, PUT, PATCH, and DELETE requests, and prefer read-only action discovery unless the user clearly asks for a change.
Agentic Supply Chain Vulnerabilities
SeverityHighConfidenceHighStatusConcern
SKILL.md
npm install -g @membranehq/cli@latest

The skill instructs a global installation of an unpinned npm package using @latest, while the registry has no install spec to pin, verify, or constrain that dependency.

User impactA future compromised or incompatible CLI release could be installed and run with the user's local privileges.
RecommendationPin the CLI to a reviewed version, avoid global installs where possible, and verify the package source before installing.
Unexpected Code Execution
SeverityHighConfidenceHighStatusConcern
SKILL.md
npx @membranehq/cli connection get <id> --wait --json

The instructions execute a downloaded npm package at runtime through npx, creating an install-to-run code execution path not declared as an install requirement.

User impactThe skill may cause remote package code to execute on the user's machine as part of normal use.
RecommendationInstall a pinned, trusted CLI version ahead of time and avoid runtime npx execution from @latest packages.
Cascading Failures
SeverityMediumConfidenceMediumStatusConcern
SKILL.md
description: | Stormglass.io integration. Manage Organizations. ... HTTP method (GET, POST, PUT, PATCH, DELETE)

The stated organization-management purpose plus authenticated mutating request support means a mistaken action could affect shared account or organization state, with no containment or rollback instructions in the artifact.

User impactA wrong request could impact other users or shared organization settings in the connected Stormglass account.
RecommendationConfirm organization-affecting actions with the user, preview the target resource and payload, and avoid destructive methods unless explicitly requested.
Human-Agent Trust Exploitation
SeverityLowConfidenceMediumStatusNote
SKILL.md
This is the fastest way to get a connection. ... Membrane handles authentication and credentials refresh automatically

The convenience-focused wording is not deceptive by itself, but users should notice that quick setup involves third-party credential handling and refresh.

User impactA user might authorize access quickly without considering long-lived credential delegation.
RecommendationPause during authorization to review account, scope, and revocation options before completing login.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Membrane handles authentication and credentials refresh automatically

The skill delegates authentication and ongoing credential refresh to Membrane, but the artifacts do not clearly bound credential scope, duration, or revocation despite registry requirements listing no primary credential.

User impactAuthorizing this skill may give Membrane ongoing access to the connected Stormglass account until the connection is revoked.
RecommendationUse the least-privileged Stormglass/Membrane account available, review requested access during login, and revoke the connection when it is no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
send requests directly to the Stormglass.io API through Membrane's proxy ... injects the correct authentication headers

Stormglass API traffic and authentication headers are mediated by Membrane's proxy, which is purpose-aligned but important for users to understand as a data and credential boundary.

User impactAPI requests and potentially sensitive request or response data may pass through Membrane rather than going directly from the user to Stormglass.
RecommendationUse this only if you trust Membrane as an intermediary for Stormglass API traffic and credentials.