Azure DevOps
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This Azure DevOps skill is mostly coherent, but it gives the agent broad authenticated API power, including raw write/delete requests, without clear guardrails.
Review this skill before installing. It is a legitimate-looking Azure DevOps integration, but only connect accounts with permissions you are comfortable delegating, and require the agent to ask before making any write, delete, pipeline, release, repository, or organization-level changes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent chooses the wrong endpoint or method, it could change or delete Azure DevOps data such as work items, repositories, pipeline settings, or releases.
The skill documents an authenticated raw API escape hatch with write and delete methods, but does not include explicit user-confirmation or scoping guidance for destructive or high-impact Azure DevOps operations.
When the available actions don't cover your use case, you can send requests directly to the Azure DevOps API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE).
Require explicit user approval before POST, PUT, PATCH, or DELETE requests; prefer listed safe actions where possible; and show the target organization, project, endpoint, and payload before running mutating commands.
The agent may be able to perform any Azure DevOps action allowed by the connected account.
The skill uses delegated Azure DevOps authentication through Membrane. This is expected for the integration, but it means the agent can act with the permissions granted to that connection.
Membrane handles authentication and credentials refresh automatically
Connect with the least-privileged Azure DevOps account or token that can complete the intended task, and review Membrane connection permissions.
A future CLI version could behave differently from the version reviewed here.
The skill asks users to globally install the latest Membrane CLI from npm. This is central to the skill's purpose, but the unpinned latest version can change over time.
npm install -g @membranehq/cli@latest
Install from a trusted npm source, consider pinning a specific CLI version, and keep the CLI updated through normal security practices.
Azure DevOps metadata or content included in requests and responses may be exposed to the Membrane service as part of normal operation.
Azure DevOps requests are routed through Membrane's proxy, so request and response data may pass through a third-party integration layer.
send requests directly to the Azure DevOps API through Membrane's proxy... injects the correct authentication headers
Use this only if you trust Membrane with the Azure DevOps data involved, and avoid sending unnecessary secrets or sensitive repository content.
