Chatrace

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Chatrace integration, but it gives the agent broad authenticated ability to run customer-messaging, workflow, and raw API actions without clear approval boundaries.

Before installing, make sure you trust Membrane and the npm CLI, connect only an appropriate Chatrace account, and require explicit review before the agent sends messages, starts flows, changes contact data, or uses raw API write/delete requests.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

If the agent misinterprets a request or acts too broadly, it could message customers, trigger automations, or change/delete Chatrace data.

Why it was flagged

The skill exposes authenticated operations for customer messaging, workflows, contact-record changes, and raw API access, including destructive HTTP methods, but the visible instructions do not define approval or scoping controls for high-impact actions.

Skill content

Send Flow to Contact ... Sends a flow (automated sequence) to a contact; Send Text Message ... Sends a text message to a contact ... Proxy requests ... send requests directly to the Chatrace API ... injects the correct authentication headers ... HTTP method (GET, POST, PUT, PATCH, DELETE).

Recommendation

Use this only with explicit user confirmation for sends, writes, deletes, and bulk changes; review action IDs and JSON payloads before execution; prefer a least-privilege Chatrace connection.

ASI03: Identity and Privilege Abuse
Low
What this means

The integration can act through the connected Membrane/Chatrace account and may retain a usable authenticated session.

Why it was flagged

The skill requires a logged-in Membrane account and delegated Chatrace authentication with automatic refresh. This is expected for the integration, but it grants account authority to the agent workflow.

Skill content

membrane login --tenant --clientName=<agentType> ... Membrane handles authentication and credentials refresh automatically

Recommendation

Connect only an account appropriate for agent use, limit permissions where possible, and revoke the Membrane/Chatrace connection when no longer needed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Future npm package changes could alter the CLI behavior, and a global CLI has local execution authority.

Why it was flagged

The setup depends on installing and running an external global npm CLI at the latest version. This is central to the skill, but the exact package version is not pinned in the artifact.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install only from the official Membrane package source, consider pinning a reviewed CLI version, and keep the CLI updated through trusted channels.

ASI01: Agent Goal Hijack
Low
What this means

A connection response could influence the agent's next steps if treated as authoritative.

Why it was flagged

The skill allows instructions returned by the Membrane connection flow to guide the agent. That is expected integration plumbing, but remote instructions should not override the user's intent or higher-priority instructions.

Skill content

`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.

Recommendation

Treat returned agent instructions as tool output only, follow them only when consistent with the user's request, and ask before sensitive account actions.