Skill v1.0.3
ClawScan security
Waylay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 10:51 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it’s an instruction-only integration that tells the agent to use the Membrane CLI to interact with Waylay; it requests no unrelated credentials or elevated privileges.
- Guidance: This skill is instruction-only and appears to be a straightforward connector that uses the Membrane CLI to talk to Waylay. Before installing or running commands: 1) verify you trust the @membranehq/cli package (check its npm page, repository, and maintainers); 2) prefer installing in a controlled environment (virtualenv/container) if you avoid global npm installs; 3) be aware that using the CLI will create connections and grant Membrane access to the Waylay account you authenticate—review what data/actions the Membrane service will have access to; 4) confirm the homepage/repo links (getmembrane.com and the GitHub repo) match your expectations. If you have strict data residency or compliance needs, review Membrane’s privacy/security docs before authenticating.
Review Dimensions
- Purpose & Capability: ok. The skill is named for Waylay and documents using the Membrane CLI as a connector to Waylay. Asking users to install @membranehq/cli and to create a Membrane connection for Waylay is coherent with the stated purpose.
- Instruction Scope: ok. SKILL.md only instructs installing and using the Membrane CLI (login, connect, list and run actions). It does not direct the agent to read unrelated files, request unrelated environment variables, or exfiltrate data to unexpected endpoints. The instructions are explicit about interactive/headless login flows and JSON flags.
- Install Mechanism: ok. No automated install spec is included; the doc recommends installing the CLI via npm (npm install -g @membranehq/cli@latest) or using npx. Using npm for a published CLI is normal and traceable; there are no downloads from unknown servers or archive extraction instructions in the skill itself.
- Credentials: ok. The skill declares no required env vars or credentials. Authentication is delegated to the Membrane CLI/browser flow, which is proportionate for a connector-based integration. There are no requests for unrelated secrets or system credentials.
- Persistence & Privilege: ok. The skill is not forced-always, does not request persistent system-level changes, and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.
