Coderpad

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate CoderPad integration, but it can use delegated account access to read and change organization-wide CoderPad data without clear scope or confirmation limits in the supplied instructions.

Before installing, verify the Membrane CLI source, use a least-privileged CoderPad account, and require explicit confirmation before the agent creates, updates, or deletes pads or questions. Be aware that organization data, pad contents, and authentication refresh may flow through Membrane.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could accidentally modify or delete interview pads or questions if it interprets a user request too broadly.

Why it was flagged

The skill exposes mutating and destructive CoderPad actions and gives broad action-use guidance. In the supplied excerpt, there is no visible requirement to confirm, dry-run, or narrowly scope these actions before changing account data.

Skill content

When to use which actions: Use action names and parameters as needed. ... Delete Question | delete-question | Delete an interview question by ID. ... Update Pad | update-pad | Modify an existing interview pad.

Recommendation

Require explicit user confirmation before create, update, or delete actions; scope each action to a specific pad, question, and organization; and prefer read-only checks before mutations.

What this means

The agent may be able to access more CoderPad organization data than a user expects from a simple pad-management task.

Why it was flagged

The delegated CoderPad connection can expose organization-level data, including users and all pads. The visible instructions do not define least-privilege scopes, role limits, or per-pad containment.

Skill content

membrane connection ensure "https://coderpad.io/" --json ... The user completes authentication in the browser. ... List Organization Users | list-organization-users | Retrieve all users in your organization. ... List Organization Pads | list-organization-pads | Retrieve all pads for the entire organization/company.

Recommendation

Connect using a least-privileged CoderPad/Membrane account, review OAuth scopes and organization permissions, and disconnect or revoke access when finished.

What this means

Installing the skill may require running external code from npm on the user's machine.

Why it was flagged

The skill relies on installing a global npm CLI at the latest version, while the submitted artifacts contain no CLI code or lockfile for review. This is central to the Membrane workflow but leaves package provenance and version changes to npm.

Skill content

npm install -g @membranehq/cli@latest

Recommendation

Install the CLI only from the trusted npm package, consider pinning a known version, and review Membrane's package and repository before use.

What this means

CoderPad interview data and credential refresh may be handled by Membrane as part of normal operation.

Why it was flagged

CoderPad account access and potentially sensitive interview code data are routed through the Membrane integration layer. This is disclosed and purpose-aligned, but it is an important third-party data boundary.

Skill content

This skill uses the Membrane CLI to interact with CoderPad. Membrane handles authentication and credentials refresh automatically ... Get Pad Environment | get-pad-environment | Retrieve detailed environment information for a pad, including file contents after edits.

Recommendation

Review Membrane's data handling practices, avoid requesting unnecessary pad contents, and use accounts with only the permissions needed for the task.

What this means

Remote setup instructions could steer the agent's next steps during connection handling.

Why it was flagged

The connection workflow can return agent-facing instructions from the remote service. That can be useful for setup, but those instructions should not be treated as authority to override the user's request or normal safety checks.

Skill content

clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.

Recommendation

Treat returned agent instructions as connection-specific hints only, and ignore any instruction that conflicts with the user's intent, requests unrelated data, or asks for unsafe actions.