Covalent
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a Membrane-based Covalent integration that needs external CLI setup and account authentication, with no evidence of hidden, destructive, or exfiltrating behavior.
Before installing, confirm you trust Membrane's CLI, authenticate only to the intended account, and review any permissions or Membrane-discovered actions before allowing the agent to make changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing a global CLI gives that package local execution ability, and the latest version may change over time.
The skill directs installation of an unpinned latest version of an external global CLI. This is expected for a Membrane integration, but the CLI package code is not part of the provided artifacts.
npm install -g @membranehq/cli@latest
Install the CLI only from the official Membrane source, avoid elevated privileges, and consider pinning or reviewing the package version in sensitive environments.
The agent may be able to use the authenticated Membrane/Covalent connection according to the permissions granted during login.
The integration uses Membrane login and credential refresh. This is purpose-aligned, but it grants delegated account access that users should understand before connecting.
Membrane handles authentication and credentials refresh automatically ... membrane login --tenant --clientName=<agentType>
Authenticate only to the intended Membrane tenant and Covalent connection, review requested permissions, and revoke the connection when no longer needed.
Remote setup responses could influence the agent's next steps if treated as authoritative.
The setup flow may return external service-provided instructions for the agent. This can be useful, but such instructions should remain subordinate to the user's request.
clientAction.agentInstructions (optional) — instructions for the AI agent on how to proceed programmatically.
Treat returned agentInstructions as untrusted guidance and require explicit user approval before installs, credential changes, or data-mutating actions.
Users may not know whether the skill is limited to data retrieval or may also manage account/business objects.
The description mentions broad management objects, while the visible body focuses on blockchain-data retrieval. This mismatch could confuse users about the skill's actual authority.
Covalent integration. Manage Organizations, Projects, Pipelines, Users, Goals, Filters. ... Covalent is a unified API that provides access to blockchain data
Verify the exact Membrane actions and permissions before approving any management or mutation operation.