Amazon Ses

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a plausible Membrane-based Amazon SES connector, but it gives the agent broad authenticated SES API access through a raw proxy without clear guardrails for write, send, or delete actions.

Install only if you are comfortable letting Membrane mediate access to your Amazon SES account. Use least-privileged credentials, review the CLI install source, and require explicit approval before the agent sends email or runs any POST, PUT, PATCH, or DELETE proxy request.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could perform high-impact Amazon SES operations, such as changing account resources or sending email, if instructed or if it chooses an unsafe API call.

Why it was flagged

This exposes a broad authenticated API escape hatch, including mutating and deleting methods, without visible endpoint limits or approval requirements.

Skill content

you can send requests directly to the Amazon SES API through Membrane's proxy ... HTTP method (GET, POST, PUT, PATCH, DELETE)

Recommendation

Require explicit user approval before any non-read SES request, prefer discovered scoped actions over raw proxy calls, and use a least-privileged AWS/Membrane connection.

What this means

The connected Membrane/Amazon SES account permissions determine what the agent can access or change.

Why it was flagged

Delegated authentication and credential refresh are expected for an SES integration, but they mean the skill can operate with the connected account's privileges.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Connect only the intended SES account, use least-privileged credentials where possible, and revoke the connection when it is no longer needed.

What this means

The behavior may depend on whatever CLI version is current at install time.

Why it was flagged

The setup uses a global npm install of the latest CLI version, so the executed CLI code is not pinned by the skill artifact.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install from a trusted npm source, consider pinning a reviewed CLI version, and avoid running setup commands in sensitive environments without review.

What this means

SES request data and account operations may pass through Membrane as part of normal use.

Why it was flagged

Requests to Amazon SES are routed through Membrane's proxy with authentication handling; this is disclosed and purpose-aligned, but it is a sensitive third-party data and authority boundary.

Skill content

send requests directly to the Amazon SES API through Membrane's proxy ... injects the correct authentication headers

Recommendation

Use only a trusted Membrane tenant, review what data is sent in requests, and avoid sending unnecessary sensitive email content or account data.