Circle
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a real Circle/Membrane integration, but it needs Review because it can run broad Circle actions, including creating, updating, and deleting community content, without visible confirmation or scope guardrails in the provided artifacts.
Install only if you intend to let Membrane and the agent access your Circle workspace. Use a limited-permission account, pin or verify the Membrane CLI if possible, and require explicit confirmation before any action that creates, updates, deletes, or publishes Circle content.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent chooses the wrong action or input, it could create, alter, or delete Circle community content or member data.
The skill exposes a generic action runner for Circle actions and lists operations that can publish, modify, or delete community data. In the provided artifact text, those high-impact actions are not paired with explicit confirmation, scoping, or rollback guidance.
| Create Post | Creates a new post ... | Update Member | Updates a community member's profile information | Delete Post | Deletes a post | ... `membrane action run <actionId> --connectionId=CONNECTION_ID --input '{"key": "value"}' --json`
Require explicit user confirmation before create, update, or delete actions; use a least-privileged Circle account; review action inputs before running them; and consider an allowlist or read-only mode for routine use.
A bad or unexpected provider/connector response could influence how the agent proceeds during setup.
The connection flow may return remote instructions intended for the agent. This is disclosed setup behavior, but the artifact does not state that such instructions should remain subordinate to the user's request and safety checks.
`clientAction.agentInstructions` (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agent instructions as operational hints, not authority over the user’s goal; keep user intent and safety policies higher priority, and ask the user before sensitive actions.
The connected Membrane/Circle account may allow the agent to read or change Circle data within the granted permissions.
The skill needs delegated Membrane/Circle authentication and credential refresh. This is expected for the integration and is disclosed, but it grants account access through the connected service.
Membrane handles authentication and credentials refresh automatically ... `membrane login --tenant --clientName=<agentType>` ... The user completes authentication in the browser.
Use a least-privileged account, review granted scopes and workspace access, and revoke the Membrane/Circle connection when it is no longer needed.
The local machine will run npm-distributed CLI code, and @latest may install a different version than the one originally reviewed.
The skill asks the user to install and execute the Membrane CLI from npm, including an unpinned @latest global install. This is purpose-aligned but means the installed code can change over time.
`npm install -g @membranehq/cli@latest` ... `npx @membranehq/cli connection get <id> --wait --json`
Pin a reviewed CLI version where possible, verify the package source, and install/run it in an environment appropriate for third-party integration tooling.
Circle data and delegated credentials may be handled through Membrane according to its service design and policies.
Circle access is mediated through Membrane as a third-party service/gateway. This is disclosed and expected, but it creates a data and credential boundary users should understand.
This skill uses the Membrane CLI to interact with Circle. Membrane handles authentication and credentials refresh automatically.
Review Membrane’s security and privacy documentation, avoid connecting unnecessarily sensitive communities or files, and use least-privileged access.
