ADP Workforce
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate ADP/Membrane integration, but it asks for broad HR and payroll account access without clearly limiting or requiring confirmation for high-impact actions.
Only install this if you trust Membrane and intend to connect it to ADP Workforce Now. Use the least-privileged ADP account available, confirm OAuth scopes, pin or review the CLI if possible, and require explicit approval before any action that changes employee, payroll, benefits, or organization data.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected with a powerful ADP account, the agent could access or potentially change sensitive employee, benefits, payroll, or organizational records.
The skill requests delegated access to broad ADP HR and payroll domains and persistent credential refresh, but the artifacts do not define narrow OAuth scopes, least-privilege expectations, or approval boundaries for sensitive operations.
Manage Persons, Organizations, Jobs, Payrolls, Benefitses, Talents... Membrane handles authentication and credentials refresh automatically
Use a dedicated least-privilege ADP/Membrane account, prefer a sandbox first, verify requested OAuth scopes, and require explicit user confirmation before any create, update, delete, payroll, benefits, or employee-record action.
The agent may find and use powerful ADP actions beyond what the user expected if the connection exposes them.
The skill directs the agent to discover available ADP actions dynamically rather than limiting the workflow to a fixed, reviewed set of safe actions. In a high-impact HR/payroll system, that leaves the actionable scope unclear.
Search using a natural language description of what you want to do: membrane action list --connectionId=CONNECTION_ID --intent "QUERY" --limit 10 --json
Review the action name, input schema, and expected effect before use, and require explicit approval for any write, delete, payroll, benefits, or employee-status operation.
The installed CLI version may change over time, and a global install affects the local environment.
The skill asks the user to install a global npm CLI package at the latest version. This is central to the stated Membrane workflow, but it is unpinned and no install spec or lockfile is provided.
npm install -g @membranehq/cli@latest
Install only from the trusted npm package/source, consider pinning a reviewed CLI version, and avoid running the setup in highly sensitive environments without review.
Remote setup instructions could influence the agent's next steps during connection flows.
The skill may consume remote connection instructions that tell the agent how to proceed. This is disclosed and purpose-aligned, but such instructions should not override the user's goal or safety checks.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically
Treat returned agent instructions as untrusted operational guidance, keep the user's request authoritative, and ask the user before taking sensitive actions.
Employee and payroll-related requests may depend on Membrane's handling of authentication, connection state, and returned action metadata.
The ADP connection and credential handling are brokered through Membrane. That is disclosed and expected for this skill, but it is an external gateway for sensitive HR/payroll access.
This skill uses the Membrane CLI to interact with ADP Workforce Now. Membrane handles authentication and credentials refresh automatically
Confirm that the user trusts Membrane for ADP access, review Membrane account security settings, and avoid connecting production ADP accounts unless necessary.
