Companycam

Audited by ClawScan on May 10, 2026.

Overview

The skill is instruction-only, but its artifacts suggest credentialed, potentially financial CompanyCam authority that is broader and less clearly scoped than the description explains.

Before installing, confirm what CompanyCam or Membrane account permissions this skill receives, require explicit confirmation for any financial or organization-changing action, and prefer least-privilege or read-only access if available.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If enabled with broad authority, an agent could potentially initiate high-impact financial actions without the user realizing that capability is in scope.

Why it was flagged

The provided capability signal indicates possible purchase or financial-action authority, but the visible instructions do not define allowed operations, approval gates, spending limits, or confirmation requirements.

Skill content
- can-make-purchases
Recommendation

Only use this skill with explicit per-action confirmation for any purchase, payment, invoice, or financial mutation, and prefer read-only or least-privilege access where possible.

What this means

The skill may need access to a real account with organization data, but users are not clearly told what credentials or permissions are required.

Why it was flagged

Credentialed access is expected for a CompanyCam integration, but the registry requirements declare no primary credential or env vars and the SKILL.md only generally mentions a valid Membrane account, leaving credential source, scope, and delegated authority unclear.

Skill content
- requires-oauth-token
- requires-sensitive-credentials
Recommendation

Verify the exact OAuth scopes and account permissions before installing, and use a dedicated least-privilege account or token when possible.

What this means

A user may think they are enabling a narrow CompanyCam integration while the skill text suggests a much broader operational scope.

Why it was flagged

The skill presents itself as a CompanyCam photo/documentation integration, but the visible overview expands into a very broad list of unrelated accounting, security, legal, and compliance objects, creating unclear expectations about what the agent may treat as in scope.

Skill content
CompanyCam is a photo-based documentation ... - **Invoice** ... - **Payment** ... - **Journal Entry** ... - **Firewall** ... - **Penetration Test** ... - **Legal Hold** ...
Recommendation

Treat the skill as broad until the provider clarifies its exact supported resources and limits; avoid using it for unrelated financial, legal, or security workflows unless explicitly confirmed.