Beebole
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Beebole/Membrane integration, but it needs account authentication and can change business time-tracking records, so write or delete actions should be explicitly confirmed.
Install this only if you trust Membrane and intend to connect Beebole. Confirm before any create, update, or delete action involving time entries, users, projects, or company records, and consider pinning the Membrane CLI version in sensitive environments.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs a wrong create, update, or delete action, Beebole business records could be changed.
The skill documents generic action execution and Beebole actions that can modify or delete records. This is aligned with managing Beebole data, but mistakes could affect business timekeeping or payroll-related records.
Use action names and parameters as needed... Create Time Entry ... Update Person ... Update Company ... Delete Time Entry
Use read/list actions by default and require clear user confirmation before creating, updating, or deleting Beebole records.
Installing and using the skill grants Membrane-mediated access to the connected Beebole account.
The skill requires delegated account authentication and persistent credential refresh. This is expected for the integration and there is no evidence of hardcoded credentials or credential leakage.
membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically
Log in only to the intended tenant/account, review granted permissions, and revoke the connection when it is no longer needed.
The behavior ultimately depends on the installed Membrane CLI version and npm package provenance.
The skill depends on a globally installed npm CLI using the latest tag, which is purpose-aligned but means the runtime code is not pinned in the reviewed artifact.
npm install -g @membranehq/cli@latest
In managed or sensitive environments, install from a trusted source and consider pinning or reviewing the CLI version before use.
Beebole data and authentication state may be processed through Membrane during use.
Beebole interactions and authentication are mediated through Membrane as an external integration gateway. This is disclosed and purpose-aligned, but users should understand the data boundary.
This skill uses the Membrane CLI to interact with Beebole. Membrane handles authentication and credentials refresh automatically
Use the skill only if that Membrane-mediated data flow is acceptable for the Beebole account and organization.