Centralstationcrm

Advisory

Audited by Static analysis on Apr 2, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If used incorrectly, the agent could change or delete CRM business records or call API endpoints beyond the safer predefined actions.

Why it was flagged

The skill documents authenticated create/update/delete actions and a raw proxy that can send arbitrary CentralStationCRM API requests, including DELETE, without visible confirmation or scoping safeguards.

Skill content

Create Person ... Update Person ... Delete Person ... membrane request CONNECTION_ID /path/to/endpoint ... HTTP method (GET, POST, PUT, PATCH, DELETE)

Recommendation

Require explicit user approval before create, update, delete, or proxy requests; prefer predefined Membrane actions; preview the target record, method, path, and payload before running.

What this means

The connected account may allow the agent to read and modify customer or business records available through that CRM connection.

Why it was flagged

The integration relies on delegated Membrane/CentralStationCRM authentication and credential refresh. This is expected for the stated purpose, but it grants account-level access to CRM data.

Skill content

Membrane handles authentication and credentials refresh automatically ... membrane login --tenant ... The user completes authentication in the browser.

Recommendation

Connect only the intended CRM account, use the least-privileged account available, and disconnect or revoke the Membrane connection when no longer needed.

What this means

Installing a global CLI gives that package code execution on the local system during installation and use.

Why it was flagged

The skill asks users to install a global, unpinned npm CLI package. This is central to the Membrane integration, but package source and version should be verified.

Skill content

npm install -g @membranehq/cli

Recommendation

Install the CLI only from the official package source, consider pinning a trusted version, and review the package provenance before use.