Bright Security
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent Bright Security/Membrane integration, but it gives the agent broad authenticated API control, including write/delete proxy requests, without clear approval or scoping guardrails.
Install only if you trust Membrane and intend to let the agent operate on Bright Security through your account. Require explicit confirmation before any create, update, delete, scan, organization, or user-management action, and prefer scoped listed actions instead of raw proxy requests.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could make broad changes to Bright Security data or configuration if prompted incorrectly or if it misunderstands the user's intent.
The skill documents a raw authenticated API escape hatch that accepts destructive HTTP methods, with no visible confirmation or scoping requirement for high-impact Bright Security account operations.
When the available actions don't cover your use case, you can send requests directly to the Bright Security API through Membrane's proxy... HTTP method (GET, POST, PUT, PATCH, DELETE).
Use only with explicit user-directed tasks, require confirmation before POST/PUT/PATCH/DELETE or scan/project/user changes, and prefer scoped Membrane actions over raw proxy requests.
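One way a harness could enforce the recommendation above before forwarding a raw proxy request. This is an added example, not code from the Bright Security skill or from Membrane. It assumes the agent proposes a request as an object with `method` and `path`; the route patterns in `HIGH_IMPACT_ROUTES` are illustrative placeholders rather than the real Bright Security API surface, and the `confirm` and `forward` callbacks stand in for the harness's own prompt and proxy call.

```javascript
// Added example (not from the skill or Membrane): a gate that classifies a
// proposed raw proxy request as allow / confirm / deny before it is sent.
// Route patterns below are hypothetical, not real Bright Security endpoints.

const READ_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const MUTATING_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Illustrative route families the review singles out: scans, projects,
// organization and user management. Hypothetical paths.
const HIGH_IMPACT_ROUTES = [
  /^\/api\/v1\/scans(\/|$)/i,
  /^\/api\/v1\/projects(\/|$)/i,
  /^\/api\/v1\/orgs?(\/|$)/i,
  /^\/api\/v1\/users(\/|$)/i,
];

// Returns { decision: "allow" | "confirm" | "deny", reason, highImpact? }.
function classifyProxyRequest(req) {
  const method = String(req.method || "").toUpperCase();
  const path = String(req.path || "");

  // Accept only a relative API path (optional query string). Anything that
  // looks like a full URL is refused here rather than trusting the proxy to
  // keep the injected credentials pointed at the intended API.
  if (!/^\/[^?#\s]*(\?[^#\s]*)?$/.test(path)) {
    return { decision: "deny", reason: "path must be a relative API path" };
  }
  if (READ_METHODS.has(method)) {
    return { decision: "allow", reason: "read-only method" };
  }
  if (!MUTATING_METHODS.has(method)) {
    return { decision: "deny", reason: `unsupported method ${method || "(empty)"}` };
  }
  // Every mutating request needs explicit user confirmation; flag the
  // high-impact families so the prompt can say why.
  const highImpact = HIGH_IMPACT_ROUTES.some((re) => re.test(path));
  return {
    decision: "confirm",
    reason: highImpact
      ? `${method} on high-impact resource ${path}`
      : `${method} modifies Bright Security data at ${path}`,
    highImpact,
  };
}

// Forwards only what the policy allows and the user approved.
// `confirm(reason)` resolves to true/false; `forward(req)` performs the
// proxy call. Both are supplied by the harness (hypothetical signatures).
async function gateProxyRequest(req, confirm, forward) {
  const verdict = classifyProxyRequest(req);
  if (verdict.decision === "deny") return { forwarded: false, verdict };
  if (verdict.decision === "confirm" && !(await confirm(verdict.reason))) {
    return { forwarded: false, verdict };
  }
  return { forwarded: true, verdict, response: await forward(req) };
}

// Constructed sample of requests an agent might propose.
const SAMPLE_REQUESTS = [
  { method: "GET", path: "/api/v1/projects?limit=5" },
  { method: "DELETE", path: "/api/v1/projects/123" },
  { method: "POST", path: "/api/v1/scans" },
  { method: "PATCH", path: "/api/v1/settings/notifications" },
  { method: "GET", path: "https://attacker.example/collect" },
  { method: "TRACE", path: "/api/v1/users" },
];

for (const req of SAMPLE_REQUESTS) {
  const v = classifyProxyRequest(req);
  console.log(`${req.method.padEnd(6)} ${req.path.padEnd(40)} -> ${v.decision}: ${v.reason}`);
}
```

The gate is deliberately method-driven: a GET is never blocked, every write needs a confirmation, and the high-impact flag only changes the wording of the prompt, not whether one is shown. Wiring `gateProxyRequest` with a `confirm` that always returns false turns it into a read-only mode for unattended runs.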
The skill can access Bright Security through the user's Membrane-connected identity.
The skill relies on delegated authentication and refreshed credentials. This is expected for the integration, but it means actions run with the user's connected account privileges.
Membrane handles authentication and credentials refresh automatically... membrane login --tenant --clientName=<agentType>
Connect the least-privileged Bright Security account needed and review what tenant/account is being authenticated.
The installed CLI code can change between installs, because the install step always resolves to the latest published npm package.
The setup uses a global npm install of the latest CLI version. This is consistent with the skill's Membrane-based purpose, but the exact package version is not pinned in the artifact.
npm install -g @membranehq/cli@latest
Install from the official package source and consider pinning a known-good CLI version in controlled environments.
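A small check for the install step above, added here as an example and not part of the skill or of Membrane. It parses the package spec out of an `npm install` command line, reports whether it is pinned to an exact version or floats on a dist-tag or range, and rewrites floating specs from a table of reviewed versions. The version `1.2.3` in the sample is a placeholder; the real known-good version is whatever your own review of `@membranehq/cli` settles on.

```javascript
// Added example (not from the skill or Membrane): detect and pin floating
// package specs in an `npm install` command. The version table used below
// is hypothetical.

// Exact semver, with optional prerelease and build metadata.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Splits "@scope/name@1.2.3" or "name@latest" into { name, version }.
// A missing "@version" yields version "" (npm treats that as "latest").
function parseNpmSpec(spec) {
  const m = /^(@[^/@]+\/[^@/]+|[^@/][^@/]*)(?:@(.*))?$/.exec(spec);
  if (!m) return null;
  return { name: m[1], version: m[2] === undefined ? "" : m[2] };
}

// "pinned" only for an exact version. Dist-tags ("latest", "next") and
// ranges ("^1.0.0", "1.x") both resolve to whatever is published later.
function classifySpec(spec) {
  const p = parseNpmSpec(spec);
  if (!p) return { spec, status: "invalid" };
  if (EXACT_VERSION.test(p.version)) return { ...p, spec, status: "pinned" };
  if (p.version === "" || /^[A-Za-z]/.test(p.version)) return { ...p, spec, status: "dist-tag" };
  return { ...p, spec, status: "range" };
}

const INSTALL_VERBS = new Set(["install", "i", "add"]);

// Package arguments of an `npm install ...` command, skipping flags.
function findInstallSpecs(command) {
  const tokens = command.trim().split(/\s+/);
  if (tokens[0] !== "npm" || !INSTALL_VERBS.has(tokens[1])) return [];
  return tokens.slice(2).filter((t) => !t.startsWith("-"));
}

// Rewrites floating specs to the version in `knownGood` (name -> version).
// Specs with no reviewed version are left alone and reported.
function pinCommand(command, knownGood) {
  const tokens = command.trim().split(/\s+/);
  const findings = [];
  if (tokens[0] !== "npm" || !INSTALL_VERBS.has(tokens[1])) {
    findings.push({ spec: command, status: "not-an-install" });
    return { command: command.trim(), findings };
  }
  const rewritten = tokens.map((tok, i) => {
    if (i < 2 || tok.startsWith("-")) return tok;
    const c = classifySpec(tok);
    if (c.status === "pinned") return tok;
    findings.push(c);
    const pinned = knownGood[c.name];
    return pinned ? `${c.name}@${pinned}` : tok;
  });
  return { command: rewritten.join(" "), findings };
}

// Constructed sample: the install line from the artifact plus a reviewed
// (hypothetical) version for the CLI.
const KNOWN_GOOD = { "@membranehq/cli": "1.2.3" };
const result = pinCommand("npm install -g @membranehq/cli@latest", KNOWN_GOOD);
console.log(result.command);
for (const f of result.findings) console.log(`${f.spec}: ${f.status}`);
```

Pinning the version only fixes which tarball npm resolves; in a controlled environment pair it with `npm ci`-style lockfile installs or an internal registry mirror so the artifact behind that version is also what was reviewed.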
Bright Security data requested by the agent may be routed through Membrane as part of the integration.
Bright Security API requests are mediated by Membrane's proxy. This is disclosed and purpose-aligned, but users should recognize that API requests and responses pass through a third-party integration layer.
send requests directly to the Bright Security API through Membrane's proxy... injects the correct authentication headers
Review Membrane's data-handling terms and avoid sending unnecessary sensitive data through proxy requests.
