Alchemy

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a disclosed Alchemy integration through Membrane, but users should note that it asks them to install a CLI, log in, and let the agent run Alchemy/Membrane actions.

This appears to be a normal Membrane-based Alchemy integration. Before installing, verify the Membrane CLI source, understand that you are linking a Membrane/Alchemy account, and require explicit approval before the agent runs direct API requests or any action that could change account, organization, app, webhook, billing, or other persistent data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing a global CLI gives that package code execution on the user's machine when used.

Why it was flagged

The skill asks the user to install a global npm CLI at the latest version, which is purpose-aligned but leaves version/provenance trust to the external package source.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install only from the expected npm package, consider pinning a reviewed version, and avoid running it with elevated privileges unless required.

What this means

The agent may be able to use the linked Membrane/Alchemy connection until the user revokes it or it expires.

Why it was flagged

The skill relies on Membrane-managed authentication and credential refresh for access to Alchemy, creating delegated account authority.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Review the authentication scopes during login, use a least-privilege account when possible, and revoke the connection when no longer needed.

What this means

External service-provided instructions could influence the agent's next steps if not treated cautiously.

Why it was flagged

The skill tells the agent that a Membrane response may contain instructions for the agent, which should not override the user's goal or higher-priority safety constraints.

Skill content

clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically

Recommendation

Use returned agent instructions only as task-specific guidance and require user confirmation for sensitive or unexpected actions.

What this means

If used for write or account-management endpoints, the agent could make changes through the user's connected Alchemy account.

Why it was flagged

The skill documents a raw API/proxy escape hatch beyond listed actions. This is useful for an integration but may allow broader operations than the curated action list.

Skill content

When the available actions don't cover your use case, you can send requests directly to the Alchemy API

Recommendation

Ask the agent to show the intended endpoint, parameters, and expected effect before any direct API request that could modify account, organization, app, or billing-related data.