Currencyapi
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Currencyapi integration, but users should notice that it relies on Membrane login, authenticated API access, and installing a global CLI package.
This skill appears appropriate for Currencyapi exchange-rate work. Before installing, be comfortable installing the Membrane CLI globally, logging into Membrane, and allowing Membrane to manage the Currencyapi connection. Use predefined actions where possible and review any direct proxy request before it is sent.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the CLI globally gives that npm package executable access on the user's machine.
The skill asks the user to globally install a CLI package from npm using the moving '@latest' tag. This is a normal setup step for a CLI-based integration, but users should be aware of package provenance and version drift.
npm install -g @membranehq/cli@latest
Install only from the official Membrane package source, consider pinning a known version, and review npm package provenance if operating in a sensitive environment.
The integration can use the user's Membrane-authenticated Currencyapi connection to make authorized requests.
The skill requires Membrane authentication and delegates credential handling/refresh to Membrane. This is expected for connecting to Currencyapi, but it is still account-level authority users should understand.
Membrane handles authentication and credentials refresh automatically
Use the intended Currencyapi account, confirm the connection domain is correct, and revoke the Membrane connection if it is no longer needed.
An agent using this skill could make authenticated requests to Currencyapi endpoints through Membrane if the user directs or approves that workflow.
The skill documents an authenticated proxy escape hatch for direct Currencyapi API requests when predefined actions do not cover a use case. This is purpose-aligned, but broader than the listed safe action names.
membrane request CONNECTION_ID /path/to/endpoint
Prefer the listed Currencyapi actions when possible, and review direct proxy paths, methods, and parameters before sending authenticated requests.