Brilliant Directories

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate Brilliant Directories integration, but it grants broad account and data-changing powers without clear limits or confirmation rules.

Install only if you trust Membrane and need agent access to Brilliant Directories. Connect a limited-permission account where possible, and require manual approval before any bulk, billing, admin, settings, import/export, create, update, or delete operation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could make broad or mistaken changes to directory, member, public content, billing, or administrative data if it selects the wrong action or parameters.

Why it was flagged

This generic instruction is paired with broad Brilliant Directories objects such as Import, Export, Bulk Update, Billing, Admin, Setting, Invoice, and Transaction, but the provided artifacts do not define confirmation or scope limits for high-impact actions.

Skill content

Use action names and parameters as needed.

Recommendation

Require explicit user confirmation for create, update, delete, import/export, bulk, billing, settings, and admin actions; set record limits and prefer dry-run or preview workflows where possible.

What this means

Connecting this skill may allow the agent to act with the permissions of the connected Membrane and Brilliant Directories accounts.

Why it was flagged

The skill uses delegated Membrane authentication and automatic credential refresh, which is expected for the integration but gives the agent ongoing access through the connected account.

Skill content

Membrane handles authentication and credentials refresh automatically

Recommendation

Use the least-privileged account or connection available, review granted scopes, and revoke the Membrane/Brilliant Directories connection when it is no longer needed.

What this means

Users depend on the current npm-published Membrane CLI package rather than code reviewed inside this skill package.

Why it was flagged

The setup installs a global npm package using the latest tag rather than a fixed version, so the code run by users may change over time and is not included in the provided artifact set.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install the CLI only from the trusted npm package, consider pinning a known version, and review Membrane CLI provenance before use in sensitive environments.

What this means

Business and member data may pass through the Membrane integration layer when the agent performs actions.

Why it was flagged

Membrane acts as an external connector/gateway between the agent and Brilliant Directories; this is purpose-aligned but means permissions and data boundaries depend on the Membrane-generated connection.

Skill content

If no app is found, one is created and a connector is built automatically.

Recommendation

Review the generated connection, connector, and requested permissions before allowing sensitive data operations.